Values for content-security-policy: upgrade-insecure-requests 14,050 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 13,409 upgrade-insecure-requests; 7,347 frame-ancestors 'self' 5,291 block-all-mixed-content 2,434 frame-ancestors 'self'; 1,519 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 1,262 block-all-mixed-content; 1,259 frame-ancestors 'none' 960 frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 943 frame-ancestors 'none'; 475 default-src https: data: 'unsafe-inline' 'unsafe-eval' 471 frame-ancestors 'self' https://*.ally.ac; 386 report-to network-errors 347 320 frame-ancestors 'self' ; 266 default-src * data: 'unsafe-eval' 'unsafe-inline' 260 report-uri /report-csp-violation 251 img-src https: data:; upgrade-insecure-requests 231 frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 196 default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; 155 frame-ancestors 'self' https://app.kajabi.com 147 upgrade-insecure-requests; frame-ancestors 'self' 121 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 114 frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com 110 frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 109 frame-ancestors 'self' http://webvisor.com 102 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 96 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co wss://sub.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 93 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 92 child-src * blob: 86 default-src 'self' http: https: data: blob: 'unsafe-inline' 84 frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 82 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 80 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js; style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ; connect-src 'self' blob: blob https://*.mmcdn.com https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://txn.apac.paywithpoli.com https://player.vimeo.com; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce; 76 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 76 frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 75 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self' 74 default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 72 default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 72 frame-ancestors 'self'; upgrade-insecure-requests 64 sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 64 frame-ancestors * 61 frame-ancestors about: 'self' 60 default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 60 object-src 'none' 59 frame-ancestors 'self' *.google.com *.googleusercontent.com 59 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 54 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 52 report-uri /report-csp-violation; upgrade-insecure-requests 51 frame-ancestors 'self' www.bookends.info *.bookends.info 50 frame-ancestors 'self' https://*.brightsites.co.uk; 49 default-src 'none' 49 default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com 'self' blob:; frame-src *; worker-src * 'unsafe-inline' blob:; 49 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com widget.helpcrunch.com connect.facebook.net stats.pusher.com secure.payu.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com; 48 script-src 'unsafe-inline' 'unsafe-eval' http: https: 47 frame-ancestors 'self' https://*.sitewrench.com 47 frame-ancestors 'self' https://*.plazz.net ; 44 base-uri 'self'; 42 report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com https://*.giphy.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://graphql.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 40 default-src 'self' blob: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' data: blob: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 40 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 40 * 40 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 39 default-src='self' 39 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com wss://alive.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations raw.githubusercontent.com github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 39 report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net *.pardot.com sc-static.net *.tiktok.com *.snapchat.com *.ibytedtos.com *.arabclicks.com js.hsadspixel.net js.usemessages.com *.go-mpulse.net t1.daumcdn.net bc.ad.daum.net wcs.naver.net; 39 frame-ancestors none; 37 frame-ancestors 'self' azeu.marketing.adobe.com 36 frame-ancestors 'self' *.pubble.nl *.pubble.cloud *.pubble.dev *.omnyo.nl 36 frame-ancestors self 35 default-src 'self' 35 script-src 'self' 35 frame-ancestors 'self' https://preview.citynavigator.nl 35 frame-ancestors 'self' https://*.adobe.com https://*.navisperformance.com 34 default-src 'self' 'unsafe-inline' 34 frame-ancestors 'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com abcnews.go.com abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com 33 default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com cdn.inspectlet.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi;frame-ancestors 'self'; 32 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 32 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 31 frame-ancestors 'self' ; base-uri 'self'; 31 policy-definition 31 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 30 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp®ion=US&lang=en-US&device=desktop&partner=default; 29 default-src 'self'; connect-src *.g.doubleclick.net 'self' www.google-analytics.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://optimize.google.com optimize.google.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 29 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 29 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 28 default-src 'self'; connect-src https:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 28 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 27 default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 27 default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; report-uri https://monitor.ebay.com/csp-report/r1highlnfe38/Highline_Homepage 26 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 26 frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 26 default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 26 frame-ancestors 'self' https://widget.stackla.com https://app-sj14.marketo.com https://store.nvidia.com https://resources.nvidia.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com https://www.nvidia.cn https://wwwstage.nvidia.com https://www.nvidia.com https://events.rainfocus.com https://store.nvidia.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in https://shop.nvidia.com; 25 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 25 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 25 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 25 default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 25 "upgrade-insecure-requests" 25 base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; report-uri https://www.cspreport.nl 25 script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 24 connect-src http://ip-api.com/ 'self' https: data: 24 frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com *.nationalparktripsmedia.com nationalparktrips.com *.betamtb.com betamtb.com *.mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com 23 upgrade-insecure-requests; block-all-mixed-content; 23 frame-ancestors https://cue.forum.cue.cloud 23 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 23 upgrade-insecure-requests; object-src 'none'; form-action 'self' *.indeed.com https://go.indeedassessments.com/ https://take.indeedassessments.com/; frame-src 'self' *.indeed.com https://accounts.google.com/ https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; frame-ancestors 'self' *.indeed.com ; img-src 'self' *.indeed.com data: d13w2n5a9i6r56.cloudfront.net d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net d3nbup7htlluyi.cloudfront.net https://indeed-labs-jp-baito.s3.amazonaws.com https://res.cloudinary.com www.google-analytics.com https://www.google.com/ads https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://stats.g.doubleclick.net https://*.tvpixel.com/* https://*.optimizely.com/* https://d.turn.com/* https://idsync.rlcdn.com/* https://pt.ispot.tv; default-src 'self' 'unsafe-inline' data: *.indeed.com d3fw5vlhllyvee.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://smartlock.google.com/ https://d13w2n5a9i6r56.cloudfront.net/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://d3fw5vlhllyvee.cloudfront.net/frontend-sentry-bundle/v1.1.2/js/sentry.js https://apis.google.com/js/platform.js https://app-sj07.marketo.com/js/forms2/js/forms2.min.js https://browser.sentry-cdn.com/4.3.3/bundle.min.js https://browser.sentry-cdn.com/4.4.2/bundle.min.js https://*.tvpixel.com/* https://*.optimizely.com/* https://cdn.optimizely.com/js/10668710116.js https://munchkin.marketo.net/munchkin.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://pxl.indeed.com/* https://match.prod.bidr.io/cookie-sync/indeed https://rs.fullstory.com/rec/ https://d2k1bn3ko1qk4.cloudfront.net https://itad.indeed.com/* https://pres.indeed.com/*; 22 default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 22 frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 22 self 22 frame-ancestors 'self'; img-src 'self' i.notino.com cdn.notinoimg.com blob: data: *; 22 default-src * data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 22 frame-ancestors 'self' https://medium.com 21 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.cdn77.org *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net adinvent.engine.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com *.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com serving.stat-rock.com zubivu.com *.xxxjmp.com *.feelpornx.com *.crjugate.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 21 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 21 script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 21 upgrade-insecure-requests;connect-src * 21 default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 21 upgrade-insecure-requests; frame-ancestors: self 21 frame-ancestors https://*.poki.io http://localhost:1234 20 frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 20 frame-ancestors 'self' https://sage.pathfactory.com https://explore.sage.com; 20 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com cdn.cookielaw.org privacyportal.onetrust.com www.google-analytics.com *.twitter.com www.youtube.com agent.nuance-va.com *.nuance-va.com cocacolaco.tt.omtrdc.net *.doubleclick.net *.coca-colacompany.com www.google.com www.gstatic.com cdn.jsdelivr.net *.pricespider.com api.mapbox.com atentochile.s1gateway.com maps.googleapis.com events.mapbox.com *.coke.com *.coca-cola.com *.yimg.com *.ccnag.com *.ads-twitter.com www.googleadservices.com sc-static.net *.sprinklr.com *.demdex.net *.adobedc.net googleads.g.doubleclick.net; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-social.janrain.com cdn.cookielaw.org ajax.googleapis.com www.cdnjs.cloudflare.com cdnjs.cloudflare.com geolocation.onetrust.com www.googletagmanager.com www.google-analytics.com *.twitter.com www.instagram.com connect.facebook.net *.krxd.net *.amazonaws.com www.google.com www.youtube.com rpxnow.com d29usylhdk1xyu.cloudfront.net s.ytimg.com www.gstatic.com unpkg.com atentochile.s1gateway.com stackpath.bootstrapcdn.com cdn.jsdelivr.net *.pricespider.com api.tiles.mapbox.com bugcrowd.com assets.bugcrowdusercontent.com *.coke.com *.coca-cola.com *.yimg.com *.ads-twitter.com *.googleadservices.com sc-static.net *.analytics.yahoo.com *.sprinklr.com *.adobedtm.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net p.typekit.net *.janrain.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.pricespider.com atentochile.s1gateway.com *.tiles.mapbox.com *.sprinklr.com *.coke.com; font-src 'self' data: use.typekit.net fonts.gstatic.com atentochile.s1gateway.com *.sprinklr.com *.coke.com; frame-src 'self' *; frame-ancestors 'self' bugcrowd.com editor.wallboard.info; manifest-src 'self' data:; worker-src blob:; 20 frame-ancestors *; 20 frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 20 img-src * data:; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 20 frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 20 default-src 'none'; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; connect-src 'self' wss://*.glr.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com 20 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 19 frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.cloud.sap *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.cloud.sap *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 19 img-src data: https: 19 frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com; 19 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; 19 default-src 'self'; 19 script-src 'self' https: https://* s7.addthis.com tk3d.tk3dapi.com js.braintreegateway.com *.google.com google.com *.google-analytics.com googletagmanager.com platform.twitter.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 19 block-all-mixed-content; frame-ancestors 'self' 19 upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a 19 default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net 19 upgrade-insecure-requests; block-all-mixed-content 18 frame-ancestors 'self' https://*.funkedigital.de; 18 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: 24703.online-adventskalender.de *.arbeitsagentur.de *.assono.de *.b-ite.com *.bitkomplex.de *.bright-guide.de *.canto.global *.cdn.office.net *.cloudfront.net *.cookiebot.com *.dvinci-hr.com *.etracker.com *.etracker.de *.exmap.de *.facebook.com *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk.de *.ihk24.de *.jobcluster.de *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.perbit-job.de *.podigee-cdn.net *.podigee.io *.spotify.com *.staticflickr.com *.stream24.net *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.wirecard.com *.xing-events.com *.youstreamit.de *.youtube.com api.mapbox.com app.cituro.com app.sli.do b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com bc.pressmatrix.com berufsausbildung-aachen-ihk.de bluecard-eu.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.podlove.org cdn.rlets.com cdnjs.cloudflare.com chat.gr-apps.de code.createjs.com code.jquery.com/jquery-3.1.1.min.js connect.facebook.net consentcdn.cookiebot.com corona.conterra.de cottbus-ihk-pruefungen.de covid19.webtvcampus.de cta.ihk.i40.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net editor.signavio.com embed.nexx.cloud events-to-impress.activehosted.com expertenpool.automatisierungsregion.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net hk24.perbit-job.de hk24.perbit-job.de html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-darmstadt-portal.rexx-recruitment.com ihk-hl.gr-live.de ihk-potsdam.perbit-job.de ihk-schwerin.wahlplus.de ihk-weiterbildung-oldenburg.de ihk.selbstdenker.com ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com inx.odav.de isi.hdb-hamburg.de komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html maxcdn.bootstrapcdn.com pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com roundme.com routenplaner.bus-bahn-thueringen.de service.tecintelli.de smart.ihk-berlin.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com static.issuu.com tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vimeo.com vstdbv3 w.soundcloud.com walls.io web.ihk-pfalz.net web.inxmail.com wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.ausbildungslauf.de www.azubi-magdeburg-ihk.de www.bahn.de www.berufe.tv www.bso-hessen.de www.etermin.net www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.vvs.de www.youtube-nocookie.com ; report-uri /blueprint/servlet/serviceport/rest/csplogging/logViolation ; 18 frame-ancestors https:; 18 default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.cookiebot.com *.edge-cdn.net *.google-analytics.com *.googletagmanager.com *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.vdc.lidl *.multichannelacd.de *.secrz.de *.virtualearth.net ads.yahoo.com advdl.ammadv.it analytics.google.com assets.zendesk.com c.imedia.cz cm.g.doubleclick.net connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org form.lidl.com googleads.g.doubleclick.net lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlqform.omax.cz s.adroll.com s.ytimg.com tagmanager.google.com track.adform.net us-u.openx.net www.dwin1.com www.googleadservices.com www.google.com www.youtube.com schwarz.adverity.com; img-src 'self' data: *.bing.com *.ccmp.eu *.doubleclick.net *.edge-cdn.net *.google-analytics.com *.googleusercontent.com *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.vdc.lidl *.openstreetmap.org *.osm.org *.secrz.de *.virtualearth.net advdl.ammadv.it assets.zendesk.com c.imedia.cz d.adroll.com google.de ib.adnxs.com idsync.rlcdn.com lidlplusprod.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net lidlplusstoragestaging.blob.core.windows.net s-static.ak.facebook.com ssl.gstatic.com stats.g.doubleclick.net track.adform.net www.facebook.com www.google.com www.googletagmanager.com www.gstatic.com x.bidswitch.net; style-src 'self' 'unsafe-inline' *.bing.com *.secrz.de assets.zendesk.com fonts.googleapis.com form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com form.lidl.com data: themes.googleusercontent.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.edge-cdn.net *.google-analytics.com *.lidl *.lidl.com *.lidl.net *.vdc.lidl *.multichannelacd.de *.openstreetmap.org *.osm.org *.secrz.de *.test *.video-cdn.net *.virtualearth.net appgateway.lidlplus.com content.lidlplus.com form.lidl.com lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlplus-uat-api.azurewebsites.net stats.g.doubleclick.net; frame-ancestors 'self' *.bing.com *.ccmp.eu *.google-analytics.com *.googletagmanager.com *.lidl *.lidl.ch *.lidl.com *.lidl.net *.vdc.lidl *.poi-service.de *.secrz.de *.test accounts-qa.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts.lidl.com website-lidl-account-dev.azurewebsites.net *.lidl-shop.pl *.lidl-sklep.pl; 18 ; frame-ancestors 'self' 18 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 17 frame-ancestors 'self' *.jivosite.com *.jivosite.com/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.jivosite.com *.jivosite.com/ *.timeweb.net *.timeweb.ru timeweb.eu *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com onthe.io *.onthe.io i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ wss://*.jivosite.com blob: timeweb.com 17 frame-ancestors 'self' *.affino.com; 17 frame-ancestors 17 frame-ancestors kink.com mrskin-kink.com mrman-kink.com 17 default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: ; child-src blob: ; 17 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 17 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 17 object-src 'self' 17 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 17 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 17 default-src * data: 'unsafe-inline' 'unsafe-eval' 17 frame-ancestors 'self' *.roomlynx.net 17 frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 16 frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 16 ; 16 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 16 base-uri 'self' 16 base-uri 'self'; frame-ancestors 'self' 16 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 16 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com *.googleapis.com *.gstatic.com https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://app-sj01.marketo.com https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com https://checkin.arriv.net https://checkin-stg.arriv.net https://checkin-dev.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://healthcheck-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://tbcdn.talentbrew.com https://www.panoskin.com https://lcp360.cachefly.net https://d2ybmd3wevur4k.cloudfront.net *.practicematch.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com *.twimg.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com https://checkin.arriv.net https://checkin-stg.arriv.net https://ms-prod.arriv.net https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com https://*.youtube.com https://app-sj01.marketo.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com; media-src 'self' data: blob: https://media.tenethealth.com; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com https://www.tenethealthpacificcoast.com; frame-src *.marketo.com *.sitefinity.xyz 'self' *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/ *.doubleclick.net *.doubleclick.com https://givebutter.com https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com https://www.practicematch.com https://my.matterport.com https://viewer.panoskin.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.googletagmanager.com *.youtube.com/iframe_api https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://img.youtube.com https://radiomd.com https://o381876.ingest.sentry.io https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://ms-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://assets.grammarly.com https://stackpath.bootstrapcdn.com *.practicematch.com https://d2ybmd3wevur4k.cloudfront.net https://lcp360.cachefly.net/panoskin.min.js; 16 'self' https://ajax.googleapis.com 16 frame-ancestors devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:*; 16 default-src 'self'; img-src * www.googletagmanager.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net *.cloudflare.com *.fontawesome.com *.mailchimp.com cdn.p-n.io; font-src 'self' data: fonts.gstatic.com *.typekit.net *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *; frame-src 'self' *; connect-src 'self' *; prefetch-src *.google-analytics.com *.googlesyndication.com; 16 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 16 upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 15 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com; 15 font-src * 15 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 15 frame-ancestors 'self'; report-uri /report-csp-violation 15 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 15 upgrade-insecure-requests;frame-ancestors 'self' engage.dnb.com; 15 default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 15 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 15 script-src 'self' 'unsafe-inline' 'unsafe-eval' player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw; frame-ancestors 'self' matomo.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de; 15 default-src 'self'; script-src 'self' 'unsafe-inline' 15 default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net tagmanager.google.com platform.twitter.com;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org;worker-src 'self' blob: 15 frame-ancestors 'self' *.facebook.com *.vk.com 15 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 15 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 14 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src blob: 14 frame-ancestors none 14 default-src wss: blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src wss: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com data: *.accesso.com *.noibu.com ; img-src 'self' https: data: blob:; font-src 'self' data: https: ; 14 referrer origin 14 block-all-mixed-content; upgrade-insecure-requests 14 script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com; object-src 'none' 14 default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.us.coca-cola.com; 14 default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.ametek.com *.ametekweb.com *.sunpowerinc.com *.ameteksi.com *.ortec-online.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.usemessages.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.techmfg.com *.techmfg.cn *.techmfg.de *.techmfg.jp *.techmfg.es *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.leadfeeder.com https://chimpstatic.com *.zygo.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.amazonaws.com https://js.hscta.net https://js.hs-banner.com https://js.hsleadflows.net *.force.com https://analytics-eu.clickdimensions.com https://widgets.wp.com *.clickdimensions.com *.zoominfo.com https://snap.licdn.com *.salesforceliveagent.com https://bat.bing.com *.salesforce.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.lightning.com *.visualforce.com *.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.kickfire.com *.doubleclick.net *.lightning.com *.adroll.com *.ytimg.com *.loopanalytics.com *.surveymonkey.com https://www.qlzn6i1l.com https://secure.neck6bake.com https://go.universalanalyzers.com https://go.store.universalanalyzers.com https://go.pardot.com https://go.obcorp.com https://go.csiheat.com https://go.cardinaluhp.com https://go.barbenanalytical.com https://optinmonster.com https://cdn.datatables.net 'unsafe-eval';style-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data:;frame-src * 'unsafe-inline';connect-src * 'unsafe-inline';worker-src 'self' blob:;media-src 'self' *.boltdns.net *.akamaihd.net blob:;object-src 'unsafe-inline' 'self' 14 default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 14 frame-ancestors 'self', upgrade-insecure-requests 13 require-trusted-types-for 'script';report-uri /cspreport 13 default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 13 frame-ancestors 'self'; upgrade-insecure-requests; 13 child-src 'self' https://b2b.yahooinc.com https://pages.oath.com https://www.youtube.com https://pages.yahooinc.com https://pages.verizonmedia.com https://delivery.vidible.tv https://content.uplynk.com/ https://b2b-media.yahooinc.com https://adtechpages.yahooinc.com/;worker-src 'self' blob:;frame-ancestors 'self' https://b2b.yahooinc.com https://b2b-media.yahooinc.com https://pages.yahooinc.com https://adtechb2b.yahooinc.com https://www.adtechb2b.yahooinc.com 13 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 13 report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 13 frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 13 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 13 upgrade-insecure-requests ; 13 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com http://addshoppers.s3.amazonaws.com http://connect.facebook.net https://www.gstatic.com http://www.rtb123.com http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com *.rtb123.com *.s3.amazonaws.com https://tt.mbww.com/ https://shop.pe https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://ajax.cloudflare.com https://cdn1.affirm.com/ https://www.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://sts.eccmp.com/ https://s7.addthis.com seaworld.com https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://spot.demostellar.com/1.3.0/spot.js https://api-cust1117.cheetahedp.com* *.tvpixel.com https://dfp.bouncex.net/ https://consent-pref.trustarc.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com https://static.cloudflareinsights.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com https://cdn1.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe *.scdn2.secure.raxcdn.com https://*.buschgardens.com https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com https://www.affirm.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/;frame-src 'self' s7.addthis.com https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/ https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/ https://cdn1.affirm.com/ https://www.affirm.com/ https://seaworldcx.iad1.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://vars.hotjar.com/ https://match.adsrvr.org/ %0d%0a;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/ https://cdn.quantummetric.com/ https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/ https://api-cf.affirm.com/ https://tracker.affirm.com/ https://www.affirm.com/api/v2/cookie_sent/ https://www.affirm.com/ https://*.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com https://*.hotjar.com/ https://in.hotjar.com/ wss://ws13.hotjar.com https://sts.eccmp.com/ https://spot.demostellar.com/1.3.0/spot.js https://api-cust1117.cheetahedp.com* https://api-cust1117.cheetahedp.com/ *.tvpixel.com ; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/ *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/ https://stage-media.scdn6.secure.raxcdn.com/; 13 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 13 default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 13 frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 13 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 13 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; default-src 'self' blob:; child-src 'self' blob:; connect-src 'self' blob: o1.ingest.sentry.siemens-web.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net siemens.demdex.net tools.adlytics.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com www.downloads.siemens.com api.dc.siemens.com www.facebook.com *.cf.brightcove.com cert-portal.siemens.com www.hqs.sbt.siemens.com www.google.com api.company-target.com resource.finnchat.com api-fra.livechatinc.com aem-distribuidores.siemens.com.br aem-equivalentes.siemens.com.br go.cuenect.de *.virtualevent.siemens.com assets.new.siemens.com www.siemens.at dpm.demdex.net siemens-umschluesselungstool-slplus-extreme.s3.eu-central-1.amazonaws.com www.yousty.ch directline.botframework.com wss://directline.botframework.com www.automation.siemens.com limvjirfm8.execute-api.us-east-2.amazonaws.com 7gjrjhtrwh.execute-api.us-east-2.amazonaws.com *.force.com *.salesforce.com *.salesforceliveagent.com hkekomxpr6.execute-api.eu-central-1.amazonaws.com adservice.google.com; frame-ancestors 'self' resources.dc.siemens.com siemensfactoryautomation.pathfactory.com contentpath.siemens.com mc.contentpath.siemens.com; frame-src 'self' www.facebook.com bid.g.doubleclick.net hit.sbt.siemens.com *.equitystory.com partners.sea.siemens.com secure-fra.livechatinc.com siemens.demdex.net partners.finance.siemens.ru extranet.siemens.pt www.lowvoltage.siemens.com www.siemens.at players.brightcove.net partner.vytal.org *.force.com *.salesforce.com *.salesforceliveagent.com maestrobot.s3.eu-central-1.amazonaws.com jobs.siemens-info.com pages.siemens-info.com sites.siemens-info.com; font-src 'self' data: tools.adlytics.net new.siemens.com; img-src 'self' data: android-webview-video-poster: blob: *.siemens.com brightcove04pmdo-a.akamaihd.net *.prod.boltdns.net metrics.brightcove.com googleads.g.doubleclick.net ad.doubleclick.net www.facebook.com adservice.google.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net maestrobot.s3.eu-central-1.amazonaws.com px.ads.linkedin.com adservice.google.de tr.outbrain.com trc.taboola.com www.blids.de; media-src 'self' blob: data: assets.new.siemens.com secure.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.cf.brightcove.com; object-src players.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' w3.siemens.com tools.adlytics.net assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com *.ste.dc.siemens.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com www.googleadservices.com connect.facebook.net cookies.siemens.com snap.licdn.com scripts.demandbase.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com resource.finnchat.com cdn.livechatinc.com secure-fra.livechatinc.com secure.livechatinc.com api.livechatinc.com api-fra.livechatinc.com www.sfs.siemens.de cdn.botframework.com geolocation.onetrust.com *.force.com *.salesforce.com *.salesforceliveagent.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com www.sfs.siemens.de cdn.botframework.com *.force.com *.salesforce.com *.salesforceliveagent.com; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o1.ingest.sentry.siemens-web.com/api/68/security/?sentry_key=b4382018df484832b4ee2501bc82cea7&sentry_environment=sites-prod&sentry_release=fde53660; 13 frame-ancestors 'self' *.vergic.com 13 img-src *; 13 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 13 frame-ancestors 'self' https://translate.google.com 13 frame-src * 13 frame-ancestors https://*.gov.cn http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn http://www.ceirp.com:8888 http://183.64.111.243:28080 13 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 12 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 12 frame-ancestors 'self' http://localhost:* https://*.bustle.com 12 frame-ancestors http://kpmg.experiencecloud.adobe.com 12 frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net dpm.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com *.bitdefender.co.jp bitdefender.co.jp 12 frame-ancestors https://*.marketo.com 12 upgrade-insecure-requests; base-uri 'self' 12 frame-ancestors https://nurture.solarwinds.com/ https://try.solarwinds.com/ https://www.solarwinds.com/ 12 frame-ancestors "none" 12 script-src * 'unsafe-inline' 'unsafe-eval' 12 default-src * 'unsafe-inline' 'unsafe-eval' data: blob 12 frame-ancestors 'self' https://*.etracker.com 12 script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 12 default-src http: data: 'unsafe-inline' 'unsafe-eval' 12 default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn *.brandaplb.ford.com *.brandap.ford.com *.brandap.lincoln.com *.brandaplb.lincoln.com *.blueland.fordstore.com.cn *.fordstore.com.cn *.brandauthoraplb.ford.com *.hosts.cloud.ford.com *.ford.com.tw *.lincoln.com.cn *.blueland.com.cn *.brandapftzlb.ford.com.cn *.wwwqa.brandap.ford.com *.wwwint.brandap.ford.com *.wwwdev.brandap.ford.com *.apps.pp01.cneast.cf.ford.com.cn; connect-src https: wss: blob:; font-src https: data:; img-src https: data: blob:; media-src https: blob:; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self';worker-src 'self' blob:; script-src-elem 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-attr 'unsafe-inline' 'unsafe-eval' blob: https:; style-src-attr 'unsafe-inline' https:; style-src-elem 'unsafe-inline' https:;upgrade-insecure-requests; 12 frame-ancestors 'self' http://*.elsevier.es/ 12 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 12 frame-ancestors https: 12 default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com;style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline'; font-src * 'unsafe-inline' 12 upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 11 media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 11 frame-ancestors 'self' *.freshworks.com *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com 11 report-uri /v1/csplog; block-all-mixed-content 11 default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 11 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net *.penguin.co.uk; object-src 'self'; worker-ref blob: 11 frame-ancestors 'self' https://help.jouwweb.nl; 11 frame-ancestors 'self' *.ci360.sas.com 11 frame-src 'self' mailto: tel: https://3cx.com https://vp-wmdev.3cx.net https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.loom.com/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 11 default-src https: 'unsafe-inline' 'unsafe-eval' 11 base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://api.personio.de/recruiting/applicant ; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ ; media-src 'self' data: https://mpsnare.iesnare.com; prefetch-src 'self'; frame-ancestors 'self'; report-uri /ls/ 11 frame-ancestors 'self' gather.town; 11 frame-ancestors 'self'; base-uri 'self'; 11 default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 11 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net d1a1ax4tcp3m3j.cloudfront.net dqm.crownpeak.com geolocation.onetrust.com 11 frame-ancestors *.youtube.com *.pearsoncmg.com *.pearsonsupport.com *.pearson.com *.ecollege.com *.mathxl.com; 11 frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 11 block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 11 worker-src 'self' 11 default-src * 'unsafe-inline' 'unsafe-eval' 11 default-src https: *.sim-cms.net http://sdk.listenlive.co http://*.streamtheworld.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: http://cdn.saleminteractivemedia.com; media-src 'self' blob: data: https: http://*.streamtheworld.com; worker-src blob: *.sim-cms.net 'self'; font-src data: https://* 'self' 11 default-src 'self'; connect-src *.g.doubleclick.net 'self' www.google-analytics.com https://www.google-analytics.com; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 11 default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 11 frame-ancestors 'self' *.plentymarkets-cloud-de.com 11 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com 10 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 10 frame-ancestors https://oa.sheincorp.cn https://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn https://sqs-admin.biz.sheincorp.cn 10 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true 10 connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.adobemsbasic.com https://*.lingotek.com https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 10 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://www.google.com https://connect.facebook.net www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/ https://analytics.webgains.io/ https://analytics-wg.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com/ https://wcs.naver.net/ https://bat.bing.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; img-src 'self' https: data:; media-src 'self' https://ftr.imgix.net https://www.snapengage.com; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://www.facebook.com https://*.fls.doubleclick.net https://optimize.google.com www.snapengage.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net/ https://analytics.google.com https://www.facebook.com/tr/ https://www.snapengage.com https://api.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com https://wcs.naver.com/; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 10 frame-ancestors https://*.canalplus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 10 default-src *;child-src * blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob: 10 block-all-mixed-content; upgrade-insecure-requests; 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net d.la1-c2-frf.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com d.la2-c2-cdg.salesforceliveagent.com d.la2-c1cs-cdg.salesforceliveagent.com c.la2-c1cs-cdg.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net 10 frame-ancestors *.neuweb.biz *.home.neustar fast.wistia.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.moatads.com benchmark.marketshare.com *.rlcdn.com *.company-target.com *.bidr.io *.facebook.com *.linkedin.com *.crazyegg.com *.myworkdayjobs.com *.neustar.biz *.neuweb.biz *.neustarlocaleze.biz *.cdn.neustar cdn.optimizely.com fast.wistia.net images-cdn.welcomesoftware.com *.pimcore.org *.marketo.com *.marketo.net *.mktoresp.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com html5shim.googlecode.com code.jquery.com *.ads-twitter.com *.twitter.com t.co *.twimg.com *.bing.com *.gstatic.com *.agkn.com *.intentsify.io *.zoominfo.com *.visualwebsiteoptimizer.com *.google.com *.doubleclick.net *.truste.com *.quora.com *.adnxs.com *.liveperson.net *.intentsify.io *.newscred.com *.addthis.com *.addthisedge.com *.lpsnmedia.net *.wistia.com *.cloudflare.com *.syndication.twimg.com pixel.mathtag.com *.adentifi.com *.bizographics.com *.formalyzer.com oss.maxcdn.com *.ultradns.com *.webmetrics.com dnn506yrbagrg.cloudfront.net d12ulf131zb0yj.cloudfront.net ace-tag.advertising.com flex.atdmt.com se.monetate.net tag.demandbase.com siteimproveanalytics.com connect.facebook.net snap.licdn.com embedwistia-a.akamaihd.net *.adsymptotic.com fg8vvsvnieiv3ej16jby.litix.io blob: data:; 10 reflected-xss block 10 sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 10 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.qsmly.com *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 10 default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.ooklaserver.net; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://6493920.fls.doubleclick.net https://*.google.com https://*.tigo.com.hn https://*.speedtestcustom.com https://speedtest.cableonda.com https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co https://api.retargetly.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://connect.facebook.net https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://*.nr-data.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com https://cdn.epica.ai https://*.inbenta.chat https://*.inbenta.io https://*.googleoptimize.com https://ad.doubleclick.net https://cdn.smooch.io https://tigo.us9.list-manage.com https://www.youtube.com https://*.speedtestcustom.com https://speedtest.cableonda.com https://maps.googleapis.com https://api.retargetly.com https://www.rtb123.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googleapis.com https://tigobusiness.us6.list-manage.com https://analytics.twitter.com https://static.ads-twitter.com https://*.licdn.com; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigocloud.net https://*.inbenta.io https://*.speedtestcustom.com https://speedtest.cableonda.com; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://www.facebook.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com https://ad.doubleclick.net https://*.inbenta.com https://*.inbenta.io https://*.speedtestcustom.com https://speedtest.cableonda.com https://prs.arkeero.net https://*.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googleapis.com https://*.googleadservices.com https://analytics.twitter.com https://static.ads-twitter.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com https://*.tigocloud.net https://*.inbenta.io https://*.google.com https://*.speedtestcustom.com https://speedtest.cableonda.com; connect-src *; 10 form-action 'self' 10 frame-ancestors 'self'; report-uri https://www.goodnes.com/report-uri/enforce 10 default-src 'self'; frame-ancestors 'self' flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com; frame-src * ; media-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com static.hotjar.com launch-9151dc1e0eb6-development mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net pe-dw.store. .com static.zdassets.com; style-src * 'unsafe-inline'; font-src * data:; connect-src * 10 frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 10 frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 10 default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/ https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com *.lynda.com; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com www.linkedin.com www.slideshare.net *.megaphone.fm msit.powerbi.com app.powerbi.com linkedin.github.io https://*.licdn.com; frame-ancestors 'self' https://onyx.www.linkedin.com; manifest-src 'self'; report-uri /security/csp?f=gg 9 default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com; media-src * blob: 9 frame-ancestors *.euractiv.com euractiv.com *.euractiv.fr euractiv.fr *.euractiv.de euractiv.de *.euractiv.gr euractiv.gr *.euractiv.pl euractiv.pl *.euractiv.sk euractiv.sk *.euraciv.cz euractiv.cz *.euractiv.it euractiv.it *.euractiv.es euractiv.es euractiv.bg api-esp-eu.piano.io; 9 default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 9 frame-ancestors 'self' *.basf.com basf-performance-materials.expo-ip.com 9 frame-ancestors 'self' https://es.chevrolet.com 9 frame-ancestors 'self' https://studio.first.sandbox.ua.coremedia.cloud https://public-studio.first.sandbox.ua.coremedia.cloud https://preview.uat.ua.coremedia.cloud https://studio.uat.ua.coremedia.cloud https://first.sandbox.ua.coremedia.cloud https://studio.production.ua.coremedia.cloud https://preview.production.ua.coremedia.cloud 9 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 9 frame-ancestors 'self' *.blackbaud.com; 9 default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://www.google-analytics.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 9 frame-ancestors *.ivanti.com https://dash.cloudflare.com 9 frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org; upgrade-insecure-requests; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report-block; report-to csp-endpoint-block 9 frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 9 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 9 none 9 block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 9 default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 9 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 9 object-src 'self'; 9 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 9 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com 9 worker-src 'self'; 9 default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 9 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 9 default-src * 'unsafe-inline' 'unsafe-eval'; 9 default-src 'self' *.cscglobal.com *.swiftypecdn.com *.swiftype.com script.crazyegg.com rum-collector-2.pingdom.net *.doubleclick.net *.google-analytics.com geoip-js.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com https://lat9412.d41.co/api/; script-src 'self' https://lat9412.d41.co/sync/ https://cdn-0.d41.co/tags/dnb_coretag_v5.min.js rum-static.pingdom.net ws.zoominfo.com js.hs-banner.com js.hsadspixel.net *.swiftypecdn.com *.swiftype.com *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.maxmind.com 'unsafe-inline' 'unsafe-eval' *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com snap.licdn.com; style-src 'self' ocp.cscglobal.com ocu.cscglobal.com gateway.zscalertwo.net *.swiftypecdn.com fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com *.swiftype.com *.cscglobal.com *.googletagmanager.com googleapis.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' 'unsafe-inline' ocp.cscglobal.com ocu.cscglobal.com data: fonts.gstatic.com *.typekit.net; frame-src 'self' *.youtube.com *.wufoo.com forms.hsforms.com *.zmags.com drive.google.com 9 frame-ancestors 'self' sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br *.hotmart.com http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly; 9 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital; frame-ancestors 'self'; 9 “upgrade-insecure-requests†9 default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 9 frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*; 9 child-src 'self' blob: tr.snapchat.com *.sc-static.net *static.ads-twitter.com https://*.tagcommander.com *.tagcommander.com optimize.google.com gateway.euronext.com forms.logiforms.com https://*.iadvize.com *.iadvize.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com form.123formbuilder.com https://px.ads.linkedin.com *.px.ads.linkedin.com https://www.linkedin.com/ *.linkedin.com https://d6tizftlrpuof.cloudfront.net player.teester.com landings.somfy.co.il 9 default-src 'self' 'unsafe-inline' https://park.101datacenter.net https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 9 default-src https: data: 'unsafe-inline' 'unsafe-eval'; 9 frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 9 frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8 frame-ancestors 'self' *.lycos.com 8 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org; upgrade-insecure-requests 8 upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com http://static.virtualroi.com/; 8 frame-ancestors 'self'; object-src https://*.citrix.com https://capture.navattic.com; plugin-types application/x-shockwave-flash application/pdf 8 upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 8 object-src 'none'; base-uri 'self' 8 script-src 'self' 8 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 8 script-src *; 8 frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com 8 frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com 8 frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.ziggo.io https://ziggo.io https://*.aem.prod.aws.ziggo.io; 8 upgrade-insecure-requests; frame-ancestors 'self'; 8 frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat; 8 frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 8 frame-ancestors *.benq.com *.benq.eu 8 default-src https: *.willistowerswatson data: blob: 'unsafe-eval' 'unsafe-inline' 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.googleapis.com https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://js.hs-banner.com https://s2.adform.net https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://files.cdn.leadfamly.com https://rec.smartlook.com *.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 8 default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 8 default-src 'unsafe-eval' 'unsafe-inline' https:; img-src data: https:; font-src data: https: 8 default-src 'self' *.kpn.com; frame-ancestors 'self' app.optimizely.com kpn.blueconic.net mijnzakelijk.kpn.com www.grip-on-it.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.optimizely.com cdn.blueconic.net kpn.blueconic.net *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-reload.liquix.eu dwin1.com mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net https://assets.adobedtm.com *.pardot.com opt.objectiveportal.com www.facebook.com *.cookielaw.org *.onetrust.com *.atdmt.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com cacheorcheck.mopinion.com survey.mopinion.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com *.optimizely.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com cacheorcheck.mopinion.com survey.mopinion.com https://*.demdex.net https://assets.adobedtm.com opt.objectiveportal.com *.cookielaw.org *.onetrust.com *.atdmt.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com; frame-src *.optimizely.com *.doubleclick.net ezpay.liquix.eu callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net emea1-proxy.adobemc.com www.facebook.com *.onetrust.com *.atdmt.com; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com; connect-src 'self' api-accept.customersaas.com www.google-analytics.com *.optimizely.com kpn.blueconic.net *.kpn.com *.mouseflow.com tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com https://*.demdex.net https://assets.adobedtm.com *.tt.omtrdc.net https://adobeioruntime.net emea1-proxy.adobemc.com wss://*.kpn.com/chat-engine *.cookielaw.org *.onetrust.com www.pingvp.com kpn.pingvp.com; object-src 'self' 8 default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 8 upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.telerain.com:* 8 frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 8 default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/92/cast_sender.js https://www.gstatic.com/eureka/clank/93/cast_sender.js;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://api.mapbox.com https://*.tiles.mapbox.com https://www.gstatic.com/cv/js/sender/v1/cast_sender.js;block-all-mixed-content;upgrade-insecure-requests; 8 frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv; 8 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 8 default-src 'self' *.infinity-tracking.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.hotjar.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp js.monitor.azure.com *.msecnd.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.krollontrack.com *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.ediscovery.com *.krollontrack.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp; media-src 'self' data: blob: *.krollontrack.com *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com *.ediscovery.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.hotjar.com *.doubleclick.net *.krollontrack.com *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.hsforms.com blob:; connect-src 'self' *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com *.hotjar.com *.infinity-tracking.net google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com; 8 frame-ancestors 'self' *.psplugin.com 8 font-src *.vggcdn.net cdn.viagogo.net https://fonts.gstatic.com data:; report-uri https://wt.viagogo.net/cspr; 8 frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 8 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8 8 frame-ancestors 'none' ; 8 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 8 ; 8 default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval' 'self' data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 8 upgrade-insecure-requests; base-uri 'self'; 8 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; 8 frame-ancestors 'self' letmedate.com www.letmedate.com 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' * 8 upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' 8 frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com https://*.loja.olx.pt 8 frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 8 default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 8 default-src 'self'; font-src 'self' data: https://resources.ricoh-europe.com https://fast.fonts.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://resources.ricoh-europe.com https://code.jquery.com https://unpkg.com https://service.maxymiser.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com https://maps.googleapis.com https://*.en25.com https://fullstory.com https://edge.fullstory.com https://script.hotjar.com https://static.hotjar.com https://www.youtube.com https://s.ytimg.com https://secure.leadforensics.com https://app-static.turtl.co https://ldynamicspublicapi.leadforensics.com https://snap.licdn.com https://cdn.mouseflow.com https://tag.demandbase.com https://use.fontawesome.com https://api.feefo.com https://register.feefo.com https://lq3-production01.s3.amazonaws.com https://view.ceros.com https://www.fullstory.com https://*.t.eloqua.com; style-src 'self' 'unsafe-inline' https://resources.ricoh-europe.com https://fast.fonts.net https://unpkg.com https://fonts.googleapis.com https://*.en25.com https://app-static.turtl.co https://use.fontawesome.com http://images.response.ricoh-europe.com https://cdn.jsdelivr.net; img-src 'self' data: https://resources.ricoh-europe.com https://*.t.eloqua.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://service.maxymiser.net https://assets.turtl.co https://assets.ricoh-europe.com https://www.google.com https://px.ads.linkedin.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://www.googletagmanager.com https://*.en25.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://rs.fullstory.com https://in.hotjar.com https://www.googleadservices.com https://api.feefo.com https://collect.feefo.com; frame-src 'self' https://*.ricoh-europe.com https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://vars.hotjar.com https://ricoh-docuware-calculator.tbtmarketing.com https://gestiondocumentaire.ricoh.fr https://supportrequest.ricoh.ch https://discover.ricoh.co.uk https://webforms.ricoh.de https://*.t.eloqua.com https://embed.ricohtours.com https://ricoh.turtl.co https://view.ceros.com 8 report-uri https://sentry.io/api/1481316/security/?sentry_key=5ed17bd323a34165b4278b59fe665e28 8 default-src https: 'unsafe-eval' 'unsafe-inline'; 8 frame-ancestors *.cas.cn 8 frame-ancestors https://my.bigcartel.com; 8 default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com;worker-src * blob:; style-src * 'unsafe-inline'; frame-ancestors 'self' *.royal-canin.de; 8 frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 8 frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 8 script-src * 'self' 'unsafe-inline' 'unsafe-eval' 8 frame-ancestors 'self' *.memberconnex.com 8 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 8 default-src 'self' http: https: wss: *.firebaseio.com *.yandex.ru *.google.com *.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com *.googlesyndication.com data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yandex.ru/ads/system/context.js *.firebaseio.com *.landbot.io https://cdn.chatbot.com https://edugrampromo.com https://edgrmtracking.com https://widget.my.feedot.com/ https://a24help.ru/ https://top-fwz1.mail.ru/ https://yastatic.net *.googlesyndication.com *.yandex.ru cdn.ampproject.org pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googletagservices.com securepubads.g.doubleclick.net securepubads.g.doubleclick.net www.google-analytics.com *.googleadservices.com cse.google.com *.google.com *.google.com.ua *.google.am *.google.at *.google.az *.google.be *.google.br *.google.by *.google.ca *.google.ch *.google.cn *.g.cn *.google.cy *.google.cz *.google.de *.google.ee *.google.fr *.google.ge *.google.gr *.google.hu *.google.id *.google.ie *.google.il *.google.in *.google.it *.google.jp *.google.kg *.google.kz *.google.lt *.google.lv *.google.md *.google.me *.google.nl *.google.pl *.google.ro *.google.ru *.google.tm *.google.com.tr *.google.co.uk *.google.us *.google.co.uz *.google.com.sg *.googlesyndication.com; img-src 'self' data: *.landbot.io https://cdn.chatbot.com https://edugrampromo.com *.alicdn.com *.gstatic.com *.yandex.ru *.yandex.net https://wcm-ru.frontend.weborama.fr https://www.tns-counter.ru https://top-fwz1.mail.ru/ https://edugram.com *.doubleclick.net *.googleads.g.doubleclick.net *.googlesyndication.com storage.googleapis.com pagead2.googlesyndication.com securepubads.g.doubleclick.net google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.landbot.io fonts.googleapis.com *.google.com *.googlesyndication.com; font-src 'self' *.landbot.io *.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 8 default-src 'self' 'unsafe-inline' platform.twitter.com piwik.ubiquity.press up-jbt.disqus.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com s7.addthis.com www.journalquality.info; 8 frame-ancestors 'self' https://saint-gobain.wmh-demos.com/; 8 frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com www.google.com; default-src https: blob: about: 'unsafe-inline' 'unsafe-eval' *.rvapps.io; font-src https: blob: data:; img-src https: data: blob: android-webview-video-poster: about:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 7 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; object-src 'none'; connect-src https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdn.vidible.tv https://cdnjs.cloudflare.com ; 7 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.cdn77.org *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net adinvent.engine.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com *.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com serving.stat-rock.com zubivu.com *.xxxjmp.com *.feelpornx.com *.crjugate.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 7 default-src 'none' ; connect-src https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; manifest-src https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; media-src https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; script-src blob: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; img-src data: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; style-src https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; frame-src blob: https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; form-action https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com/ ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 7 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: *.sky.com *.bskyb.com *.skyassets.com *.lpsnmedia.net *.liveperson.net *.doubleclick.net http://ad.doubleclick.net analytics.twitter.com assets.adobedtm.com bat.bing.com cdn3.nowinteract.com *.clicktale.net *.tvsquared.com connect.facebook.net imp3.nowinteract.com *.googlesyndication.com s2.go-mpulse.net secure.quantserve.com *.qualtrics.com *.15gifts.com smct.co track.uniqodo.com *.assistant.watson.appdomain.cloud www.dwin1.com www.google-analytics.com www.googletagmanager.com static.ads-twitter.com staging-liveperson-dtm.herokuapp.com cdn.tt.omtrdc.net *.demdex.net *.cloudfront.net ssl.google-analytics.com ecustomeropinions.com universal.iperceptions.com sd.iperceptions.com britishskybroadcasti.tt.omtrdc.net cti.w55c.net platform.twitter.com www.awin1.com s0.2mdn.net www.zenaps.com *.google.com *.google.co.uk *.google.ie data1.ablapol.com www.facebook.com *.optimizely.com cdn.spatialbuzz.com cdn.privacy-mgmt.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com www.gstatic.com *.8thwall.com cdnjs.cloudflare.com rules.quantcount.com t.contentsquare.net contentsquare.com app.contentsquare.com cdn-assets-prod.s3.amazonaws.com apps.8thwall.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com dmp.vfwmrm.net match.adsrvr.org pm.w55c.net tr.snapchat.com secure.adnxs.com; style-src 'self' 'unsafe-inline' *.sky.com *.skyassets.com *.15gifts.com s0.2mdn.net www.gstatic.com *.liveperson.net www.facebook.com *.doubleclick.net assets.adobedtm.com www.google-analytics.com *.lpsnmedia.net *.clicktale.net *.contentsquare.net *.googlesyndication.com sky.lucidcx.com; font-src 'self' data: *.sky.com fonts.gstatic.com http://fonts.gstatic.com *.skyassets.com use.typekit.net *.15gifts.com *.google.com *.google.co.uk *.google.ie sky.lucidcx.com cdn.8thwall.com tr.snapchat.com www.pinterest.com; img-src 'self' data: android-webview-video-poster: *.sky.com http://search.sky.com *.doubleclick.net *.skyassets.com *.15gifts.com bat.bing.com *.clicktale.net *.optimizely.com *.tvsquared.com *.demdex.net *.online-metrix.net *.qualtrics.com t.co tracking.audio.thisisdax.com www.facebook.com www.google-analytics.com *.google.com *.google.co.uk *.google.ie *.atdmt.com *.cloudfront.net live.staticflickr.com tags.w55c.net www.googletagmanager.com *.contentstack.io *.lpsnmedia.net s0.2mdn.net www.zenaps.com connect.facebook.net engagement.uniqodo.com *.liveperson.net www.gstatic.com www.awin1.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com cdn.privacy-mgmt.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com cdn.8thwall.com uniqodo.s3-eu-west-1.amazonaws.com production-image-placeholder.herokuapp.com pixel.quantserve.com http://t.newsletter.contact.sky *.sky 8th.io sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com tr.snapchat.com www.pinterest.com secure.adnxs.com; connect-src 'self' blob: android-webview-video-poster: *.sky.com wss://*.sky.com *.skyassets.com *.bskyb.com *.15gifts.com api.amplitude.com bat.bing.com *.bf.dynatrace.com britishskybroadcasti.tt.omtrdc.net *.clicktale.net *.optimizely.com cdn.privacy-mgmt.com *.demdex.net *.doubleclick.net *.assistant.watson.appdomain.cloud *.qualtrics.com vip.timezonedb.com www.google-analytics.com api.amplitude.com *.go-mpulse.net *.akstat.io api.iperceptions.com www.facebook.com www.zenaps.com *.google.com *.google.co.uk *.google.ie s0.2mdn.net *.contentstack.io help-search-api-stage.herokuapp.com wss://*.liveperson.net *.lpsnmedia.net cdn.spatialbuzz.com prod-my-photo-api.herokuapp.com track.uniqodo.com connect.facebook.net engagement.uniqodo.com www.gstatic.com *.liveperson.net assets.adobedtm.com *.tvsquared.com *.googlesyndication.com www.googletagmanager.com wss://127.0.0.1 *.contentsquare.net www.googleadservices.com *.lucidcx.com awk.epgsky.com production-retriever.herokuapp.com cdn-assets-prod.s3.amazonaws.com apps.8thwall.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com tr.snapchat.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk; frame-src 'self' blob: *.sky.com *.bskyb.com *.skyassets.com *.15gifts.com *.doubleclick.net *.optimizely.com *.demdex.net *.online-metrix.net *.lpsnmedia.net *.qualtrics.com www.facebook.com cdn.privacy-mgmt.com universal.iperceptions.com *.google.com *.google.co.uk *.google.ie *.clicktale.net s0.2mdn.net www.zenaps.com connect.facebook.net *.liveperson.net www.google-analytics.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com sky.lucidcx.com live.tvgenius.net servedby.flashtalking.com players.brightcove.net sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net tr.snapchat.com ct.pinterest.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk; worker-src 'self' blob: *.sky.com *.skyassets.com assets.adobedtm.com *.liveperson.net; child-src 'self' blob:; media-src 'self' data: *.sky.com *.skyassets.com http://static.video.sky.com *.15gifts.com *.contentstack.io *.lpsnmedia.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.clicktale.net *.liveperson.net www.facebook.com bat.bing.com *.demdex.net assets.adobedtm.com www.google-analytics.com *.contentsquare.net *.googlesyndication.com; object-src 'self' *.sky.com; 7 frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 7 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 7 frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 7 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 7 frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com; 7 frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://outlook.live.com https://outlook.office365.com https://outlook.office.com 7 frame-ancestors 'self' https://nurture.solarwinds.com/ 7 frame-ancestors 'self' *.mathworks.com feedads.baidu.com *.mwcloudtest.com; 7 frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 7 default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://www.google.com https://www.youtube.com https://fonts.gstatic.com https://*.ul.com https://player.vimeo.com https://www.recaptcha.net data: blob:; connect-src 'self' https://*.lift.acquia.com https://*.wistia.com http://*.wistia.com https://*.ul.com https://*.solosegment.com https://www.google-analytics.com https://spreadsheets.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://bam.nr-data.net https://bam-cell.nr-data.net https://sheets-proxy.knightlab.com https://cdn.cookielaw.org https://*.onetrust.com wss://*.hotjar.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://fonts.gstatic.com https://script.hotjar.com data: https://*.ul.com; frame-src 'self' https://*.marketo.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://quote.ul.com https://quote.ul.com https://optimize.google.com https://www.recaptcha.net https://*.addtoany.com https://11349830.fls.doubleclick.net; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.wistia.com https://*.wistia.net https://*.solosegment.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://www.googletagmanager.com https://www.ul.com https://www-stage.ul.com https://legacy-uploads.ul.com https://optimize.google.com https://s.ml-attr.com/getuid https://secure.adnxs.com/getuid https://attr.ml-api.io https://pixel.mathtag.com https://cdn.cookielaw.org data: https://collateral-library-production.s3.amazonaws.com https://*.ul.com https://*.adnxs.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acquia.com http://*.acquia.com https://*.wistia.com http://*.wistia.net https://*.wistia.net https://app.wistia.com https://www.youtube.com http://www.youtube.com https://*.vimeo.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://cdnjs.cloudflare.com https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.onetrust.com https://optimize.google.com https://cdn.c212.net https://c212.net https://pixel.mathtag.com https://commons.ul.com/* https://ww2.ul-renewables.com blob: https://app-ab11.marketo.com https://app-sj08.marketo.com https://cdn.knightlab.com https://code.jquery.com https://embed.solosegment.com https://fast.wistia.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://cdn.cookielaw.org https://static.addtoany.com https://*.acquia.com https://optimize.google.com https://fonts.googleapis.com https://cdn.knightlab.com maxcdn.bootstrapcdn.com; frame-ancestors 'self'; report-uri https://ulcsp.report-uri.com/r/t/csp/reportOnly 7 default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 7 frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/ http://demo.havendemo.com/ https://open.spotify.com https://player.vimeo.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 7 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 7 report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.osi.gov.au https://*.cetc.gov.au 7 default-src=* 7 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 7 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 7 default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 7 frame-src 'self' * data: 7 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 7 frame-ancestors 'self' *.download.com.vn download.com.vn *.download.vn download.vn *.softvn.com softvn.com *.quantrimang.com quantrimang.com *.meta.vn meta.vn *.vndoc.com vndoc.com *.gamevui.vn gamevui.vn *.hoatieu.vn hoatieu.vn 7 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 7 default-src * data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://www.saseurobonusshop.com/ https://eurobonus.shopping https://saseurobonusmastercard.se/ https://saseurobonusmastercard.no/ https://saseurobonusmastercard.dk/ https://swipp.com https://app.swipp.com https://www.rewardspay.com/ https://upgrade.plusgrade.com https://consumer-prdb.plusgrade.com https://consumer-prd.plusgrade.com https://sas-next-staging.crossroads.se/ https://www.coop.se https://kiosk.coop.se https://www-stg.rewardspay.com 'self' 7 default-src 'self' 'unsafe-inline' *; 7 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 7 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 7 default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.appdynamics.com *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com s.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.eum-appdynamics.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net; 7 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 7 default-src 'self'; script-src 'self' 'unsafe-eval' https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de; 7 default-src https:; font-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; worker-src blob:; style-src https: 'unsafe-inline'; img-src https: data:; 7 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 7 default-src 'self'; font-src 'self' *.kaltura.com cdnjs.cloudflare.com data: fonts.gstatic.com vjs.zencdn.net *.hotjar.com;img-src 'self' data: *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com *.kaltura.com *.linkedin.com *.6sc.co *.facebook.com *.eloqua.com *.verisk.com *.albacross.com metrics.brightcove.com *.air-worldwide.com www.google.com verisk.d1.sc.omtrdc.net t.co p.adsymptotic.com cm.everesttech.net dpm.demdex.net cf-images.us-east-1.prod.boltdns.net veriskisonetprod.112.2o7.net i.ytimg.com www.googletagmanager.com www.greatplacetowork.com cdn.cookielaw.org api.mapbox.com f1.media.brightcove.com udc-neb.kampyle.com *.maplecroft.com ajax.googleapis.com public.tableau.com www.google.co.uk nebula-cdn.kampyle.com w3.poweradvocate.com https://optimize.google.com www.gstatic.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.google-analytics.com *.googleapis.com *.google.com www.gstatic.com *.cookielaw.org *.googletagmanager.com assets.adobedtm.com *.twimg.com kaltura.com *.cloudflare.com dl.episerver.net *.facebook.net fonts.googleapis.com players.brightcove.net az416426.vo.msecnd.net *.xactware.com *.kaltura.com *.licdn.com *.albacross.com *.oktopost.com *.6sc.co *.ads-twitter.com *.cave9tape.com okt.to geolocation.onetrust.com script.crazyegg.com www.googleadservices.com vjs.zencdn.net img.en25.com s1065293013.t.eloqua.com googleads.g.doubleclick.net *.salesforceliveagent.com *.linkedin.com nebula-cdn.kampyle.com unpkg.com cdn.mouseflow.com public.flourish.studio *.hotjar.com pi.pardot.com *.maplecroft.com www.buzzsprout.com public.tableau.com ionfiles.scribblecdn.net readymag.com js.hsforms.net *.hsforms.com *.youtube.com snap.licdn.com player.vimeo.com api-ssl.bitly.com nebula-cdn.kampyle.com screencapture.kampyle.com/screenApi/load/0d9bccf0-07c5-4694-abf9-9f4bcf1d1ec2.js screencaptue-cdn.kampyle.com www.googleanalytics.com www.googleoptimize.com https://optimize.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com dl.episerver.net *.twitter.com *.twimg.com cdnjs.cloudflare.com *.verisk.com unpkg.com https://optimize.google.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/css/bootstrap.min.css;frame-src 'self' platform.twitter.com www.google.com *.twitter.com *.youtube.com *.surveygizmo.com insuranceservicesofficeinc.demdex.net *.facebook.com bid.g.doubleclick.net *.hotjar.com *.pardot.com www.buzzsprout.com public.tableau.com verisk.postclickmarketing.com *.brightcove.net *.acast.com embed.readymag.com s1120.t.eloqua.com flo.uri.sh go.maplecroft.com player.vimeo.com go.maplecroft.com nebula-cdn.kampyle.com https://optimize.google.com;media-src 'self' *.kaltura.com blob: *.air-worldwide.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net;connect-src 'self' *.kaltura.com www.google-analytics.com *.brightcove.com dc.services.visualstudio.com dpm.demdex.net epsilon.6sense.com cdn.cookielaw.org stats.g.doubleclick.net https://c.6sc.co/ https://secure.adnxs.com/getuidj *.albacross.com http://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.crazyegg.com www.googleapis.com veriskisonetprod.112.2o7.net verisk.d1.sc.omtrdc.net privacyportal.onetrust.com *.hotjar.com vc.hotjar.io ws: *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com https://otc.xactware.com/XactwareLms/certificationListing.xml nebula-cdn.kampyle.com;child-src 'self' *.kaltura.com blob: *.air-worldwide.com insuranceservicesofficeinc.demdex.net *.surveygizmo.com; 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 7 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 7 frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 7 frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com; 7 form-action 'self'; 7 frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 7 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 7 default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps.con.rcmp-grc.gc.ca www.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.clet.ca platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com use.fontawesome.com www.youtube.com unpkg.com; 7 default-src 'self' http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org; frame-ancestors 'self' https://trustseal.enamad.ir; 7 frame-ancestors 'self' *.betssongroupaffiliates.com 7 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 7 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 7 frame-ancestors 'self' https://*.cemex.com https://*.podlaha.cz https://*.beton.cz https://*.valcovany-beton.cz https://www.construrama.com; img-src 'self' data: https://cdn-web.cemex.com https://cdn-web-qa.cemex.com https://cdn-web-intdev.lfgwcemex.services https://cxcdn.lfgwcemex.services https://liferayprod.cemex.com https://assets.cemex.com https://cemex.imgix.net https://www.facebook.com/tr/ https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.linkedin.com/px/ https://px.ads.linkedin.com https://p.adsymptotic.com/d/px/ https://c.contentsquare.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://c.seznam.cz https://npmcdn.com/leaflet@0.7.3/dist/images/ https://s916025651.t.eloqua.com https://tags.bluekai.com https://service.maxymiser.net https://www.google.com/ https://www.google.com.mx/ https://www.google.fr/ https://www.google.com.co/ https://www.google.co.cr/ https://www.google.hr/ https://www.google.cz/ https://www.google.de/ https://www.google.com.do/ https://www.google.com.eg/ https://www.google.com.gt/ https://www.google.lv/ https://www.google.com.ni/ https://www.google.com.pa/ https://www.google.com.pe/ https://www.google.com.ph/ https://www.google.pl/ https://www.google.com.pr/ https://www.google.es/ https://www.google.ae/ https://www.google.co.uk/ https://www.google.com.sv/; 7 frame-ancestors http://webvisor.com 7 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 7 frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 7 default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/;img-src 'self' data: *.materna.de *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 7 default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 7 policy 7 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 7 frame-ancestors 'self' http://webvisor.com https://webvisor.com 7 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 7 script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://s.go-mpulse.net/boomerang/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://cdn.syndication.twimg.com/timeline/ https://code.highcharts.com/ https://connect.facebook.net/it_IT/sdk.js https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://rawgit.com/tyrasd/osmtogeojson/ https://use.fontawesome.com/;frame-ancestors 'self' file: *.spaggiari.eu; 7 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' www.openstreetmap.org; 7 frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 7 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ *.google-analytics.com https://www.gstatic.com https://recaptcha.net https://www.gstatic.cn/recaptcha/ https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://api.steampowered.com https://steamvideo-a.akamaihd.net/; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/ embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv; frame-ancestors 'self' https://steamloopback.host ; 7 default-src: https: 'unsafe-inline' 7 frame-ancestors 'self' https://webvisor.com http://webvisor.com; 7 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; 7 default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 7 frame-ancestors 'self' https://*.facebook.com; 7 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 7 default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 7 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 7 default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com:* https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* https://www.google.com https://news.google.com https://www.google.co.uk https://amp-cnn-com.cdn.ampproject.org courageousstudio.com; 6 frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 6 frame-ancestors nypost.com *.nypost.com *.decider.com *.pagesix.com 6 frame-ancestors 'self' https://*.target.com; 6 default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 6 default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src https://my.tealiumiq.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.garmin.com https://static.garmin.com https://static.garmincdn.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.garmin.com https://www.garmin.com https://consent.trustarc.com; img-src *; frame-src https://sso.garmin.com https://sso.garmin.cn https://www.garmin.com https://my.tealiumiq.com https://static.garmincdn.com https://support.garmin.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://www.youtube-nocookie.com https://player.youku.com https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; object-src 'none'; upgrade-insecure-requests 6 frame-ancestors https://pam.mcafee.com 6 object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 6 frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 6 frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 6 default-src https://*.kucoin.center https://www.googleadservices.com https://googleads.g.doubleclick.net https://revain.org https://api.mobilum.com https://mc.yandex.ru https://widget.mobilum.com https://sdk.im.jiguang.cn https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://upload.qiniup.com https://frontend-helper.cloudtechnet.cn https://*.staticimg.com https://*.staticimg.co https://*.kucoin.top https://*.kucoin.com https://*.kucoin.biz https://pool-x.io https://*.kumex.com https://*.kucoin.cloud https://*.pool-x.io https://*.kcsfile.com https://storage.googleapis.com https://font.googleapis.com https://www.recaptcha.net https://at.alicdn.com https://g.alicdn.com https://www.google-analytics.com https://www.gstatic.cn https://fonts.gstatic.cn https://fonts.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net https://api.growingio.com https://tags.growingio.com https://ekr.zdassets.com https://www.growingio.com https://static.geetest.com https://api.geetest.com https://dn-staticdown.qbox.me https://www.youtube.com https://kucoin.zendesk.com https://rollbar-eu.zendesk.com https://support.zendesk.com https://www.zendesk.com https://ekr.zdassets.com https://static.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://cdn.zopim.com https://www.zopim.com https://uploads.zopim.com https://assets.zopim.com https://api.zopim.com https://v2assets.zopim.io https://cdn.zopim.com https://www.google.co.jp https://www.google.com data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline' ; connect-src https://*.sentry.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://revain.org https://api.mobilum.com https://mc.yandex.ru https://widget.mobilum.com https://sdk.im.jiguang.cn https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://upload.qiniup.com https://frontend-helper.cloudtechnet.cn https://*.staticimg.com https://*.staticimg.co https://*.kucoin.center https://*.kucoin.top https://*.kucoin.com https://*.kucoin.biz https://pool-x.io https://*.kumex.com https://*.kucoin.cloud https://*.pool-x.io https://*.kcsfile.com https://storage.googleapis.com https://font.googleapis.com https://www.recaptcha.net https://at.alicdn.com https://g.alicdn.com https://www.google-analytics.com https://www.gstatic.cn https://fonts.gstatic.cn https://fonts.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net https://api.growingio.com https://tags.growingio.com https://ekr.zdassets.com https://www.growingio.com https://www.tradingview.com https://static.geetest.com https://api.geetest.com https://dn-staticdown.qbox.me https://www.youtube.com https://kucoin.zendesk.com https://rollbar-eu.zendesk.com https://support.zendesk.com https://www.zendesk.com https://ekr.zdassets.com https://static.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://cdn.zopim.com https://www.zopim.com https://uploads.zopim.com https://assets.zopim.com https://api.zopim.com https://v2assets.zopim.io https://cdn.zopim.com https://www.google.co.jp https://www.google.com data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline'; font-src http: https: data:; img-src http: https: data: blob:; worker-src http: https: data: blob:; child-src http: https: data: blob:; frame-ancestors 'self' https://www.growingio.com wss://widget-mediator.zopim.com https://v2.zopim.com https://cdn.zopim.com https://www.zopim.com https://uploads.zopim.com https://assets.zopim.com https://api.zopim.com https://v2assets.zopim.io https://cdn.zopim.com https://www.google.co.jp https://www.google.com https://*.kucoin.com https://*.kucoin.biz https://*.kucoin.top https://*.kucoin.cloud https://*.kucoin.center 6 frame-ancestors *.motor1.com 6 frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.mercedes-benz.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com https://cdn.jsdelivr.net https://*.mb-lounge.com https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com https://cdn.ampproject.org https://amp.azure.net https://*.windows.net https://cmsdata.net https://booking-widget.quandoo.de https://api.corpinter.net https://www.mercedesamgf1.com https://*.facebook.net https://*.facebook.com https://*.atdmt.com data: blob: 'unsafe-inline' 'unsafe-eval' 6 base-uri 'none'; object-src 'none'; script-src 'self' https: 'unsafe-inline'; 6 block-all-mixed-content;frame-ancestors *.mail.com 6 default-src https: data: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 6 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; 6 upgrade-insecure-requests; connect-src * https:; img-src * data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 6 default-src https: 'unsafe-inline' 6 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 6 frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 6 default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; 6 object-src 'none'; 6 img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 6 frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.2doc.nl *.vprogids.nl; 6 connect-src * 'self' 6 frame-src *; 6 default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' support.carousell.com 6 frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; 6 frame-ancestors 'self' https://optimize.google.com/ 6 default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' maps.googleapis.com/ plugins.flockler.com fl-1.cdn.flockler.com syndication.twitter.com/ ajax.aspnetcdn.com/ajax/jquery.validate/1.15.0/jquery.validate.min.js ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js analytics.twitter.com/i/adsct c.evidon.com/sitenotice/ c.evidon.com/geo/country.js code.jquery.com/jquery-1.10.2.min.js connect.facebook.net/en_US/fbevents.js d3js.org/d3.v3.min.js platform.twitter.com/widgets.js s.ytimg.com/yts/jsbin/www-widgetapi-vflJFa_jA/www-widgetapi.js snap.licdn.com/li.lms-analytics/insight.old.min.js snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com/uwt.js www.google-analytics.com/analytics.js www.googletagmanager.com/gtm.js www.instagram.com/embed.js www.youtube.com/ cdnjs.cloudflare.com app.bowencraggs.com maps.googleapis.com/maps-api-v3/api/js/44/4/common.js connect.facebook.net/signals/config/; style-src 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com fl-1.cdn.flockler.com; object-src 'none'; base-uri 'self'; connect-src 'self' www.google-analytics.com plugins.flockler.com optoutapi.evidon.com; font-src 'self' fonts.gstatic.com; frame-src 'self' syndication.twitter.com/ plugins.flockler.com irs.tools.investis.com otp.tools.investis.com platform.twitter.com www.instagram.com www.youtube.com; img-src 'report-sample' 'unsafe-inline' 'self' data: flockler.com c.evidon.com www.linkedin.com fl-1.cdn.flockler.com media-api.flockler.com scontent.cdninstagram.com i.ytimg.com l.evidon.com maps.googleapis.com maps.gstatic.com px.ads.linkedin.com syndication.twitter.com t.co www.facebook.com www.google-analytics.com www.googletagmanager.com p.adsymptotic.com c.evidon.com/sitenotice/images/evidon-change-alert.png; manifest-src 'self'; media-src 'self'; report-uri https://5f9932cfca69962525be30e3.endpoint.csper.io/; worker-src 'none'; 6 upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 6 default-src 'self' https://*.hostwinds.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hostwinds.com https://*.googletagmanager.com https://*.google-analytics.com https://*.livechatinc.com https://*.sentry.io https://*.googleadservices.com https://google.com; style-src 'self' 'unsafe-inline' https://*.hostwinds.com https://*.livechatinc.com; img-src * data:; connect-src *; media-src *; object-src 'self' https://*.hostwinds.com https://*.livechatinc.com; frame-src 'self' https://*.hostwinds.com https://*.livechatinc.com https://iframe.videodelivery.net; frame-ancestors 'self' https://*.hostwinds.com https://*.livechatinc.com https://iframe.videodelivery.net; form-action 'self' https://*.hostwinds.com 6 upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' prep2021.elimparcial.com prepsonora2021.elimparcial.com prep2021bc.mx iframe.elimparcial.com *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net *.giphy.com giphy.com *.memeate.com *.windy.com iframe.enelradar.com *.taboola.com *.liveleak.com *.pinterest.com *.lkqd.net *.wcnc.com aax.amazon-adsystem.com *.seedtag.com *.criteo.com *.paypal.com *.avantisvideo.com *.aniview.com graphics.reuters.com embed.windy.com www.sunmedia.tv www.relappro.com *.flo.uri.sh flo.uri.sh; report-uri https://imparcial.report-uri.com/r/d/csp/enforce 6 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; report-uri /api/csp/report; 6 default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com 6 referrer no-referrer 6 media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 6 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 6 allow 'self'; 6 connect-src *; default-src 'self'; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 6 default-src 'self' *.miraheze.org; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org wikidata.org www.gstatic.com s7.addthis.com www.google.com www.recaptcha.net platform.twitter.com js-wiki-cdn.reviservices.com wikiplus-app.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.syndication.twimg.com scratchblocks.github.io openlayers.org; style-src 'self' data: 'unsafe-inline' *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com; img-src 'self' data: *.miraheze.org upload.wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org scratchblocks.github.io docs.blender.org *.imgbox.com www.mikrodev.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net img.shields.io mc-uc.netease.com db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com; font-src 'self' data: *.miraheze.org fonts.gstatic.com cdn.jsdelivr.net; media-src 'self' blob: *.miraheze.org upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com; frame-src 'self' *.miraheze.org www.google.com www.recaptcha.net web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com; connect-src 'self' *.miraheze.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com; 6 frame-ancestors https://*.mediamarkt.se 'self' 6 default-src * blob: data:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' 6 script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com idtechex.bamboohr.com platform.twitter.com ssl.google-analytics.com www.googleadservices.com *.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://cdn.syndication.twimg.com www.google.com www.gstatic.com ajax.googleapis.com *.livechatinc.com app.chaport.com *.arcot.com *.verifiedbyvisa.com *.3dsecure-vrp.de *.cardinalcommerce.com *.securesuite.net *.securesuite.co.uk *.securecode.com *.citibank.com *.citibank.co.kr *.cardcenter.ch *.swisscard.ch *.icscards.nl *.sia.eu *.swedbank.se *.dnp-cdms.jp acs.cafis-paynet.jp *.hanacard.co.kr *.shinhancard.com *.wooricard.com *.hyundaicard.com *.wlp-acs.com *.dkb.de *.nab.com.au *.mbank.pl *.ccb.com.cn *.cmbchina.com *.bccard.com *.cartasi.it *.modirum.com *.paylife.at *.ctbcbank.com *.ocbc.com *.kbcard.com *.enfuce.com *.airplus.com ws.zoominfo.com 6 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 6 default-src 'unsafe-inline' data: about: hcom: blob: callback: chrome-error: *; script-src 'unsafe-eval' 'unsafe-inline' data: about: blob: asset: *; report-uri https://hcom.report-uri.com/r/t/csp/enforce 6 upgrade-insecure-requests; report-uri /api/csp-report; base-uri 'none'; object-src 'none'; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' sdk.listenlive.co players.brightcove.net *.krxd.net js-agent.newrelic.com bam.nr-data.net vjs.zencdn.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com console.googletagservices.com adservice.google.com storage.googleapis.com www.google.com *.2mdn.net optimize.google.com adservice.google.com adservice.google.ca googleads.g.doubleclick.net securepubads.g.doubleclick.net *.googlesyndication.com cdn.ampproject.org stats.g.doubleclick.net tagmanager.google.com imasdk.googleapis.com www.gstatic.com connect.facebook.net www.instagram.com cdn.syndication.twimg.com platform.twitter.com *.twitch.tv www.tiktok.com *.ibytedtos.com *.tiktokcdn.com www1.journaldemontreal.com www.youtube.com ping.chartbeat.com static.chartbeat.com static2.chartbeat.com *.hotjar.com *.hotjar.io cdn.jwplayer.com ssl.p.jwpcdn.com *.qub.ca qub.ca insights.algolia.io s0.2mdn.net/instream/video/client.js *.scorecardresearch.com code.jquery.com ajax.googleapis.com s1.quebecormedia.com static.freeskreen.com sb.freeskreen.com 6 default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com https://www.google-analytics.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com handelsbankennl.easycruit.com handelsbankenno.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 6 connect-src 'self' habboo-a.akamaihd.net *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com www.google-analytics.com csi.gstatic.com *.googlesyndication.com *.g.doubleclick.net; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; upgrade-insecure-requests; report-uri /csp/report 6 default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 6 default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' https://elements-at.atlassian.net/; 6 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org 6 frame-ancestors 'self'; object-src 'none' 6 img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval';worker-src blob:; 6 frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 6 connect-src 'self' data: *.google.com https://freegeoip.app *.plyr.io https://noembed.com *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ampcid.google.com.br https://s.yimg.com https://bat.bing.com; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com https://cdn.mouseflow.com https://bat.bing.com https://s.yimg.com https://*.tailtarget.com https://d.tailtarget.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com; default-src https: 6 frame-ancestors 'self' weleda.sabio.de 6 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.stihl.com https://wm.wiredminds.de https://www.google-analytics.com https://www.googletagmanager.com https://analytics-udg.netdna-ssl.com https://www.googleadservices.com https://bat.bing.com https://rns.matelso.de https://googleads.g.doubleclick.net https://maps.googleapis.com https://static.criteo.net https://sslwidget.criteo.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://ssl.geoplugin.net https://www.google.com https://www.gstatic.com https://api.openweathermap.org https://e.video-cdn.net https://79423.analytics.edgekey.net https://mc.yandex.ru https://vk.com https://top-fwz1.mail.ru https://cdn.taboola.com https://trc.taboola.com https://ssl.google-analytics.com https://www.sc.pages02.net https://track.adform.net https://s2.adform.net https://cstatic.weborama.fr https://chimpstatic.com https://amplify.outbrain.com https://tr.outbrain.com https://lib-3pas.admatrix.jp https://eventd-cro.admatrix.jp https://static.ads-twitter.com https://analytics.twitter.com https://s.pinimg.com https://ajax.googleapis.com https://wm.wiredminds.de https://static.stihl-timbersports.com https://www.youtube.com https://s.ytimg.com https://*.mouseflow.com https://secure-ds.serving-sys.com https://ng361.infusionsoft.com https://bs.serving-sys.com https://linklist.mmcagentur.at https://c.imedia.cz https://mc.yandex.com https://www.google.de https://www.google.it https://www.google.es https://www.google.ru https://www.google.pt https://www.google.at https://www.google.cz https://www.google.gr https://www.google.pl https://www.google.fr https://www.google.ro https://www.google.bg https://www.google.co.uk https://www.google.nl https://www.google.com.ua https://www.google.de https://www.google.it https://www.google.es https://www.google.ru https://www.google.pt https://www.google.at https://www.google.cz https://www.google.gr https://www.google.pl https://www.google.fr https://www.google.ro https://www.google.bg https://www.google.co.uk https://www.google.nl https://www.google.com.ua https://yastatic.net;style-src 'self' 'unsafe-inline' https://static.stihl.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://static.stihl-timbersports.com https://www.googletagmanager.com;img-src 'self' data: *;font-src 'self' https://static.stihl.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://e.video-cdn.net https://maxcdn.bootstrapcdn.com https://*.mouseflow.com https://linklist.mmcagentur.at https://script.hotjar.com https://yastatic.net;child-src 'self' https://*.mouseflow.com https://www.facebook.com;frame-src 'self' https://www.google.com https://www.facebook.com https://e.video-cdn.net https://googleads.g.doubleclick.net https://www.google.de https://ad3.adfarm1.adition.com https://*.fls.doubleclick.net https://cstatic.weborama.fr https://rd.frontend.weborama.fr https://www.youtube-nocookie.com https://www.youtube.com https://e.issuu.com https://*.mouseflow.com https://app11.jaggaer.com https://player.vimeo.com https://ng361.infusionsoft.app https://data.stihl-timbersports.com https://www.pool4tool.com https://vars.hotjar.com https://img-cdn.mediaplex.com https://bid.g.doubleclick.net https://www.google.de https://www.google.it https://www.google.es https://www.google.ru https://www.google.pt https://www.google.at https://www.google.cz https://www.google.gr https://www.google.pl https://www.google.fr https://www.google.ro https://www.google.bg https://www.google.co.uk https://www.google.nl https://www.google.com.ua https://*.mediaplex.com https://*.doubleclick.net;connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://d.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://ma307-r.analytics.edgekey.net https://asset-out-cdn.video-cdn.net https://mc.yandex.ru https://top-fwz1.mail.ru https://trc-events.taboola.com https://ext.nonstoppartner.net https://ct.pinterest.com https://*.mouseflow.com https://secure-ds.serving-sys.com https://static.stihl.com https://static.stihl-timbersports.com https://static.viking-garden.com https://linklist.mmcagentur.at https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://bat.bing.com https://mc.yandex.com https://www.google.com https://www.facebook.com https://www.google.de https://www.google.it https://www.google.es https://www.google.ru https://www.google.pt https://www.google.at https://www.google.cz https://www.google.gr https://www.google.pl https://www.google.fr https://www.google.ro https://www.google.bg https://www.google.co.uk https://www.google.nl https://www.google.com.ua https://ssl.google-analytics.com https://www.google.se https://ssl.geoplugin.net https://api.openweathermap.org;media-src 'self' https://videocdnvod1-vh.akamaihd.net https://asset-out-cdn.video-cdn.net;object-src 'self' https://static.stihl.com;report-uri /api/Service/CspLog; 6 frame-ancestors 'self' analytics.pt-dlr.de 6 default-src * https: data: 'unsafe-eval' 'unsafe-inline' blob:; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 6 default-src https: 'unsafe-inline' 'unsafe-eval'; 6 default-src 'self' http: https: cdnjs.cloudflare.com use.typekit.net www.google-analytics.com fonts.googleapis.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: polaris.brighterir.com sirius.brighterir.com www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 6 upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 6 upgrade-insecure-requests; object-src 'none'; base-uri 'self'; 6 upgrade-insecure-requests;block-all-mixed-content; 6 connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 6 default-src 'self' ; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://www.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://data.gov.sg ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com ; 6 frame-ancestors 'self' *.facebook.com 6 default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 6 default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 6 script-src https: 'unsafe-inline' 'unsafe-eval' 6 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 6 font-src 'none' 6 frame-ancestors zyro.com editor.zyro.com www-staging.zyro.space builder-staging.zyro.space *.dp.zyro.space 6 frame-ancestors 'self' https://smartnutri-stag.firebaseapp.com/ https://smartfitnutri.app/ 6 frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com 'self' 6 frame-ancestors 'self' learn.arcgis.com *.esri.com myaccount.lingotek.com 6 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 6 default-src 'self' 'unsafe-inline'; 6 default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost; 6 frame-ancestors accounts.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 *.shopbase.net.cn:443 'self' 6 script-src 'self' https://*.schloesser-und-gaerten.de https://fast.fonts.net https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net; 6 frame-ancestors 'self' https://api.opentlv.com https://borne-leclerc.opentlv.com 6 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 6 frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 6 default-src https: data:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-eval' 'unsafe-inline'; 6 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report; 5 frame-ancestors 'self' https://*.yahooinc.com https://*.edgecast.com https://mediaplatform.pathfactory.com 5 frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com 5 frame-ancestors 'self' *.wildberries.ru 5 frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.wired2fish.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 5 frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php 5 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.bigcommerce.com 5 frame-ancestors 'self' *.windy.com:* 5 frame-ancestors https://*.complex.com 5 frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 5 frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.builder.io/ https://builder.io; report-uri /csp-violation; 5 frame-ancestors 'self' https://*.edgecast.com https://*.yahooinc.com https://mediaplatform.pathfactory.com 5 frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com; 5 default-src 'none'; script-src 'self'; style-src 'self'; connect-src 'self' https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://flow.1passwordservices.com; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://secure.livechatinc.com https://player.vimeo.com; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors 'none' 5 frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 5 frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 5 frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 5 default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.aticdn.net *.ioam.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.bunchbox.co *.surveymonkey.com *.datadoghq-browser-agent.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com *.bunchbox.co *.datadoghq-browser-agent.com;media-src * mediastream: blob:;frame-src 'self' localhost:* *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.ioam.de *.bunchbox.co *.surveymonkey.com *.datadoghq-browser-agent.com;worker-src 'self' blob: 5 frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 5 frame-ancestors 'self' https://app.hubspot.com; 5 default-src 'self' *.vidyard.com *.onetrust.com; frame-ancestors 'self'; form-action *; object-src 'none'; base-uri 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; connect-src *; frame-src *; font-src * data:; media-src *; 5 frame-ancestors 'self' *.datto.com *.backupify.com datto.engineering *.openmesh.com; report-uri https://www.datto.com/actions/contentSecurityPolicy/report/log; report-to csp-endpoint; 5 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5 frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru http://webvisor.com https://portal1.comm100.io 5 frame-ancestors https://*.obozrevatel.com http://*.googlesyndication.com https://api.esp.piano.io http://api.traq.li 5 frame-ancestors 'self'; object-src 'none'; base-uri 'none'; form-action 'self' www.facebook.com;report-uri https://data.jijiapp.net/csp-report; 5 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 5 frame-ancestors https://*.flexera.com https://*.flexerasoftware.com https://*.revenera.com; 5 frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' https: wss: blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: wss: blob: data: 'unsafe-inline' 'unsafe-eval' www.googleadservices.com www.googletagmanager.com *.doubleclick.net www.youtube.com *.ads-twitter.com *.twitter.com connect.facebook.net api.ipify.org; frame-src *; connect-src * blob: data:; font-src * blob: data:; img-src 'self' https: wss: blob: data: 'unsafe-inline' 'unsafe-eval' filesystem: 5 frame-ancestors https://*.sutterhealth.org 5 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 5 nosniff 5 frame-ancestors 'self' https://*.evergage.com https://cdn.evgnet.com; upgrade-insecure-requests; block-all-mixed-content 5 default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net 5 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://next.brella.io; base-uri 'self'; object-src 'self'; connect-src wss: https: 5 font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com https://themes.googleusercontent.com https://static.juicer.io data: https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com https://thriv.sportsengine.com https://cdnjs.cloudflare.com https://static.formstack.com https://thrivsports.s3.us-east-1.amazonaws.com; img-src 'self' https://www.sportsengine.com https://se-portal-production.s3.amazonaws.com *.facebook.com *.sestage.us *.google.com https://se-portal-staging.s3.amazonaws.com *.youtube.com https://s0.2mdn.net *.googleusercontent.com *.googlesyndication.com *.visualwebsiteoptimizer.com https://sb.scorecardresearch.com https://www.google-analytics.com *.g.doubleclick.net https://audible.sp1.convertro.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://s3.amazonaws.com *.adsafeprotected.com *.mparticle.com https://assets.ngin.com https://embed-fastly.wistia.com https://img1.niftyimages.com data: https://js.intercomcdn.com https://static.intercomassets.com https://pixel.quantserve.com https://bat.bing.com *.googletagmanager.com https://golfmds.s3.amazonaws.com/ https://syndication.twitter.com https://sportngin-lddxb.formstack.com https://thrivsports.s3.amazonaws.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net *.visualwebsiteoptimizer.com *.g.doubleclick.net https://sb.scorecardresearch.com *.googleadservices.com *.googletagmanager.com *.mparticle.com *.user.sportngin.com https://se-api.sportngin.com.dev https://www.google-analytics.com https://adservice.google.com *.googlesyndication.com https://cdn.ampproject.org https://www.googletagservices.com https://fast.wistia.com https://www.olympicchannel.com https://assets.juicer.io https://communityforum.sportngin.com https://assets.ngin.com https://assets.stage.ngin.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://www.burst.com https://secure.quantserve.com https://pixel.quantserve.com https://rules.quantcount.com https://bat.bing.com https://widget.intercom.io https://js.intercomcdn.com https://js.braintreegateway.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://thriv.sportsengine.com https://g1188506010.co https://app.vwo.com https://www.instagram.com https://platform.twitter.com https://sportngin-lddxb.formstack.com https://static.formstack.com https://ajax.googleapis.com https://storage.googleapis.com https://olympics.com/static/js/syndicated/v1/embed.js https://static.hotjar.com/ https://script.hotjar.com/ https://maps.googleapis.com https://thriv-search-spa-prod.s3.amazonaws.com blob: https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://assets.ngin.com https://assets.stage.ngin.com https://fonts.googleapis.com https://assets.juicer.io https://www.burst.com https://maxcdn.bootstrapcdn.com https://thriv.sportsengine.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://thrivsports.s3.us-east-1.amazonaws.com https://static.formstack.com cloud.typography.com fonts.googleapis.com; frame-ancestors 'self' https://*.sportngin.com https://app.stage.ngin-staging.com; report-uri https://www.sportsengine.com/report-uri/enforce 5 form-action https: 5 report-uri //report-csp-violation 5 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 5 frame-ancestors 'self' *.evergage.com *.evgnet.com; 5 frame-ancestors 'self' https://dbwas.service.deutschebahn.com 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com *.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com *.tiqcdn.com *.jwpcdn.com *.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com *.facebook.com *.pinterest.com *.googleapis.com *.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com *.addtoany.com *.github.io *.aspnetcdn.com s.gravatar.com *.wp.com *.amazonaws.com *.googleadservices.com *.microsoft.com *.jquery.com *.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com *.nr-data.net tagmanager.google.com *.surveymonkey.com *.brightwhistle.com *.callrail.com *.healthwise.net *.merklesearch.com *.rkdms.com *.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net *.creative-serving.com *.invocacdn.com *.invoca.net *.adsrvr.org *.acquia.com *.segment.com *.rdcdn.com *.msecnd.net *.mymarketingreports.com *.optimizely.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.salesforceliveagent.com *.sanzone.io api.dpx.northwell.io *.yimg.com *.yahoo.com tags.srv.stackadapt.com pagecdn.io *.alpixtrack.com *.basis.net *.tctm.co *.pixel.ad *.adobedtm.com *.112.2o7.net *.presage.io *.evgnet.com *.azure.com; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com *.acquia.com *.syllable.ai *.force.com *.salesforce.com api.dpx.northwell.io *.yimg.com *.srv.stackadapt.com *.googletagmanager.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com *.rdcdn.com https://rdcdn.com clickserv.pixel.ad *.syllablecdn.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.northwell.io api.dpx.northwell.io *.yimg.com *.googleusercontent.com *.marketo.com alpixtrack.com *.ipredictive.com *.bidr.io *.sitescout.com *.presage.io *.locationiq.com *.linkedin.com *.adsymptotic.com *.postrelease.com; media-src 'self' blob: *.llnw.net *.delvenetworks.com *.llnw.com dam.northwell.edu; frame-src 'self' blob: cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com www.facebook.com insight.adsrvr.org *.acquia.com *.segment.com *.optimizely.com *.force.com *.salesforce.com *.pledgeling.com *.adsrvr.org *.healthgrades.com *.podbean.com *.libsyn.com *.simplecast.com *.sitescout.com *.youvisit.com *.demdex.net; child-src 'self' blob:; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com api.dpx.northwell.io *.hotjar.com *.cloudfront.net; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com *.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com *.cloudfront.net *.acquia.com *.segment.com *.visualstudio.com *.bugsnag.com *.mktoresp.com *.nr-data.net *.optimizely.com *.syllable.ai *.locationiq.com *.conveythis.com *.force.com *.sanzone.io *.northwell.io *.yimg.com *.srv.stackadapt.com sentry.io *.reachnorthwell.com analytics.google.com *.facebook.net *.demdex.net; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 5 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com *.scribblecdn.net *.esg-global.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com ws.zoominfo.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com tag.aumago.com *.google-analytics.com *.6sc.co secure.adnxs.com *.vidyard.com epsilon.6sense.com; report-uri /admin/config/system/seckit/csp-report 5 frame-ancestors 'self' *.manomano.co.uk *.manomano.de *.manomano.es *.manomano.fr *.manomano.it *.manomano.com *.manomano.tech 5 default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: blob: *.sitecore.com *.sitecore.net *.hhogdev.com *.stylelabs.cloud *.googleapis.com *.gstatic.com *.azureedge.net *.bolddns.net; frame-src * 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.sitecore.com; script-src * blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'self' 'unsafe-inline'; script-src-attr * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; style-src-elem * 'self' 'unsafe-inline'; style-src-attr * 'self' 'unsafe-inline' data:; img-src * 'self' 'unsafe-inline' data:; font-src * data: 'self' 'unsafe-inline'; connect-src *; object-src 'none'; media-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 5 frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ http://www.staging.medscape.com/ http://www.skipta.com/ https://www.staging.medscape.com/ https://www.skipta.com/ http://staging.medscape.com/ http://skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ http://medscape.com/ 5 frame-ancestors 'self' goqubit.net ; 5 default-src https: data: 'unsafe-inline' 'unsafe-eval' always 5 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://grandcentral.beescloud.com https://grandcentral.cloudbees.com https://*.contentful.com 'self' 5 frame-ancestors 'self' *.multimediabs.com *.orange.com 5 frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; 5 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src blob: 'self'; font-src https: data: 5 frame-ancestors 'self' https://www.google.com https://corp-maven-io.cdn.ampproject.org; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 5 default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 5 default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 5 frame-ancestors 'self' *.nexxt.com/ https://lensa.com/; 5 default-src 'self' api.marker.io app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.matomo.cloud *.cdninstagram.com *.clickdimensions.com *.comaweb.de data: *.easyway.site edge.marker.io *.elfsquad.io www.facebook.com *.fbcdn.net *.firebot.io *.flockler.com flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.gstatic.com *.ingest.sentry.io *.licdn.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com *.purechat.com px.ads.linkedin.com *.randomuser.me randomuser.me s3-eu-west-1.amazonaws.com snap.licdn.com ssr.marker.io *.twimg.com *.usercentrics.eu webasto-comfort.com *.webasto-comfort.com *.webasto.com webasto.matomo.cloud wss://firebot.galacticweb.net *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' api.marker.io app.marker.io *.aticdn.net *.bootstrapcdn.com *.clickdimensions.com *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io *.flockler.com *.formsite.com *.galacticweb.net *.googleapis.com *.gstatic.com *.ingest.sentry.io marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com *.purechat.com px.ads.linkedin.com *.randomuser.me snap.licdn.com ssr.marker.io *.webasto.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.marker.io app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.matomo.cloud *.clickdimensions.com https://connect.facebook.net/ *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io firebot.io *.flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.ingest.sentry.io marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com *.purechat.com px.ads.linkedin.com *.randomuser.me randomuser.me snap.licdn.com ssr.marker.io *.usercentrics.eu *.webasto.com webasto.matomo.cloud *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; 5 default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.herbalifenutrition.com *.herbalife.com *.herbalife.de negocio.herbalife.com.mx privacyportal.onetrust.com privacyseals.bbbprograms.org da7xgjtj801h2.cloudfront.net cf-images.us-east-1.prod.boltdns.net translate.googleapis.com googleads.g.doubleclick.net bid.g.doubleclick.net www.googleadservices.com dev.day.com rl.quantummetric.com geolocation.onetrust.com http-inputs-hrbl.splunkcloud.com herbalife-app.quantummetric.com herbalife-sync.quantummetric.com cdn.quantummetric.com cdn.cookielaw.org code.jquery.com optanon.blob.core.windows.net stats.g.doubleclick.net herbalife.112.2o7.net www.gstatic.com connect.facebook.net blob: data: user-aaimrzl.cld.bz www.google-analytics.com www.googletagmanager.com www.facebook.com twitter.com www.instagram.com www.linkedin.com www.dsa.org dsef.org www.bbb.org fonts.googleapis.com fonts.gstatic.com pixel.wp.com s0.wp.com stats.wp.com api.ceros.co ajax.googleapis.com media-s3-us-east-1.ceros.com namcerosdev.wpengine.com sdk.ceros.com assets.adobedtm.com metrics.brightcove.com players.brightcove.net cdn.flipsnack.com edge.api.brightcove.com cdnjs.cloudflare.com assets.herbalifenutrition.com smetrics.herbalife.com manifest.prod.boltdns.net *.akamaihd.net secure.brightcove.com vjs.zencdn.net f1.media.brightcove.com edge.myherbalife.com *.demdex.net herbalife.tt.omtrdc.net cm.everesttech.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat 5 frame-ancestors 'self' https://*.experiencecloud.adobe.com https://experiencecloud.adobe.com https://experience.adobe.com 5 frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests 5 default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com https://*.uninfo.org blob: *.fontawesome.com; style-src 'self' *.flickr.com *.staticflickr.com cdnjs.cloudflare.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com *.fontawesome.com; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube-nocookie.com www.youtube.com *.vimeo.com country-profiles.unstatshub.org forms.office.com; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com *.fontawesome.com; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com www.google-analytics.com storage.googleapis.com wss://socket.push.al https://*.undg.org *.fontawesome.com; report-uri /report-csp-violation 5 frame-ancestors 'self' https://www.growingio.com 5 frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; 5 default-src 'self' *.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bizible.com *.easy7bear.com ceros-creative-services.s3.amazonaws.com ceros-labs.s3.amazonaws.com *.ceros.com *.bidr.io *.bizzabo.com *.cloudfront.net acsbapp.com *.acsbapp.com *.bc0a.com *.b0e8.com *.ads-twitter.com *.adsrvr.org *.srv.stackadapt.com *.stackadapt.com *.fontawesome.com *.cookielaw.org *.jquery.com *.marketo.com *.marketo.net *.twimg.com *.onetrust.com *.driftt.com *.bing.com *.bootstrapcdn.com *.myfonts.net *.cloudflare.com *.callrail.com *.aspnetcdn.com *.vidyard.com *.ceridian.ca *.en25.com *.eloqua.com *.googletagmanager.com *.swiftypecdn.com *.google-analytics.com *.google.com *.google.ca *.licdn.com *.facebook.net *.terminus.services *.windows.net *.g2crowd.com *.adsrvr.org *.ads-twitter.com *.ads.linkedin.com *.twitter.com go.ceridian.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.marketo.com *.twitter.com *.bootstrapcdn.com fastcdn.org *.cloudflare.com optanon.blob.core.windows.net *.swiftypecdn.com go.ceridian.com *.stackadapt.com; img-src * data:; font-src 'self' http://script.hotjar.com https://script.hotjar.com acsbapp.com *.acsbapp.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com; connect-src 'self' *.doubleclick.net ka-p.fontawesome.com *.fontawesome.com *.collector.snplow.net acsbapp.com *.acsbapp.com *.srv.stackadapt.com *.cookielaw.org *.facebook.com *.marketo.com *.mktoresp.com *.eloqua.com *.swiftype.com *.ceridian.ca *.swiftypecdn.com *.callrail.com go.ceridian.com *.onetrust.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; media-src * 'unsafe-inline'; frame-src 'self' *.ceros.com accessibe.com *.accessibe.com *.acsbapp.com acsbapp.com *.bizzabo.com *.facebook.com *.marketo.com *.twitter.com *.youtube.com *.driftt.com *.vidyard.com *.adsrvr.org go.ceridian.com *.hotjar.com 5 frame-ancestors 'self' *.bronto.com bronto.com 5 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 5 default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 5 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 5 frame-ancestors 'self' http://www.fx-graphics.com; 5 form-action https:; upgrade-insecure-requests 5 font-src *;img-src * data:; 5 frame-ancestors 'self' next.brella.io *.on24.com; 5 upgrade-insecure-requests; frame-ancestors 'self' www.newamericanfunding.com thebrokernetwork.com www.thebrokernetwork.com; default-src 'unsafe-eval' 'unsafe-inline' data: https:; script-src 'unsafe-eval' 'unsafe-inline' data: https: blob:; style-src 'unsafe-inline' data: https:; img-src data: https: blob:; font-src data: https:; connect-src https: blob:; media-src data: https: blob:; object-src https:; frame-src data: https:; child-src data: https: blob:; form-action https:; 5 default-src * 'unsafe-inline' 'unsafe-eval' data: 5 frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 5 frame-ancestors 'self' https://login.dvci.uk.pt-x.com https://login.dvqa.uk.pt-x.com https://login.uat.uk.pt-x.com https://login.go.pt-x.com https://dvci.uk.pt-x.com https://login.demo.uk.pt-x.com https://login.cat.uk.pt-x.com https://login.vf.pt-x.com http://localhost:9999 https://secure.emandates.co.uk https://uat.emandates.co.uk https://datamart.emandates.co.uk https://sandbox.emandates.co.uk https://demonstration.emandates.co.uk; 5 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 5 default-src 'unsafe-inline' 'unsafe-eval' https: data: 5 worker-src 'self' http://*.austlii.edu.au *.datalex.org www.lawnet.sg; 5 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://the.sciencebehindecommerce.com https://www.zenaps.com https://s.salecycle.com https://*.womensecret.com https://*.myspringfield.com https://*.cortefiel.com https://*.fiftyoutlet.com https://*.pedrodelhierro.com https://*.hossintropia.com https://*.igodigital.com https://geolocation.onetrust.com https://*.doubleclick.net https://www.googleadservices.com https://www.dwin1.com https://assets.adobedtm.com https://100015928.collect.igodigital.com https://dev.visualwebsiteoptimizer.com https://*.fitanalytics.com https://*.adyen.com https://maps.googleapis.com https://www.dwin1.com/19803.js https://chat1-cortefiel.i6.inconcertcc.com https://webchat-cortefiel.i6.inconcertcc.com https://sslwidget.criteo.com https://connect.facebook.net https://*.crazyegg.com https://bat.bing.com https://static.criteo.net https://s.pinimg.com https://www.google-analytics.com https://*.cquotient.com https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://*.speedcurve.com https://*.cdnwebcloud.com https://*.adsrvr.org https://unpkg.com https://*.unpkg.com https://*.google.com https://*.google.es https://*.google.at https://*.google.be https://*.google.bg https://*.google.cz https://*.google.dk https://*.google.fr https://*.google.de https://*.google.hu https://*.google.ie https://*.google.it https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ru https://*.google.sk https://*.google.se https://*.google.co.uk https://*.akamaihd.net https://vk.com https://*.yandex.ru https://*.tiktok.com; connect-src 'self' https://*.womensecret.com https://*.myspringfield.com https://*.cortefiel.com https://*.fiftyoutlet.com https://*.pedrodelhierro.com https://*.hossintropia.com https://the.sciencebehindecommerce.com/lgc https://i.salecycle.com https://smetrics.cortefiel.com https://smetrics.womensecret.com https://smetrics.fiftyoutlet.com https://smetrics.pedrodelhierro.com https://smetrics.myspringfield.com https://smetrics.hossintropia.com https://*.bing.com https://*.myspringfield.com https://dpm.demdex.net https://*.fitanalytics.com https://chat1-cortefiel.i6.inconcertcc.com https://ct.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cookie-cdn.cookiepro.com https://*.crazyegg.com https://*.facebook.com https://*.akamaihd.net https://*.yandex.ru https://vk.com https://*.vk.com https://unpkg.com https://*.scandit.com https://vimeo.com https://*.vimeo.com https://*.tiktok.com; img-src data: *; style-src 'self' 'unsafe-inline' https://*.typekit.net https://chat1-cortefiel.i6.inconcertcc.com https://fonts.googleapis.com https://*.womensecret.com https://*.myspringfield.com https://*.cortefiel.com https://*.fiftyoutlet.com https://*.pedrodelhierro.com https://*.hossintropia.com https://*.fitanalytics.com https://*.akamaihd.net; base-uri 'self'; form-action *; font-src 'self' data: https://*.typekit.net https://fonts.gstatic.com https://chat1-cortefiel.i6.inconcertcc.com https://*.fitanalytics.com https://*.akamaihd.net https://*.amazonaws.com; frame-src 'self' https://www.zenaps.com https://s.salecycle.com https://*.womensecret.com https://*.facebook.com https://*.doubleclick.net https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.adsrvr.org https://*.demdex.net https://*.youtube.com https://*.vimeo.com https://*.pinterest.com https://*.pinterest.es https://*.inconcertcc.com; media-src 'self' https://videos.hossintropia.com https://videos.cortefiel.com https://videos.womensecret.com https://videos.myspringfield.com https://videos.fiftyoutlet.com https://videos.pedrodelhierro.com 5 Content-Security-Policy-Report-Only 5 img-src * 5 default-src *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 5 default-src 'self' https://www-cdn01.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://proxy.ay.prod.3whst.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://uat-ay.buildout.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://proxy.ay.prod.3whst.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com http://script.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://proxy.ay.prod.3whst.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://buildout-production.s3.amazonaws.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm; connect-src 'self' https://www.google-analytics.com https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 5 frame-ancestors 'self' *.gdmissionsystems.com 5 frame-ancestors 'self'; block-all-mixed-content 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://translate.googleapis.com https://translate.google.com https://ajax.googleapis.com https://code.jquery.com https://ajax.microsoft.com https://unpkg.com https://web.production.gyantts.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://www.google.com https://www.gstatic.com https://cdn.calltrk.com https://connect.facebook.net https://www.youtube.com; img-src 'self' data: https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://s3.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://www.googletagmanager.com https://cdn-images.kyruus.com https://kyruus-app-static.kyruus.com https://img.youtube.com https://www.facebook.com https://connect.facebook.net https://translate.google.com; media-src https://www.youtube.com https://translate.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://web.production.gyantts.com https://cdnjs.cloudflare.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com; connect-src 'self' https://www.google-analytics.com https://web.production.gyantts.com wss://web.production.gyantts.com https://stats.g.doubleclick.net https://s3.amazonaws.com https://go.nuvancehealth.org https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://maps.googleapis.com https://translate.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://web.production.gyantts.com; frame-src 'self' https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://host.nxt.blackbaud.com https://go.nuvancehealth.org https://www.google.com https://www.youtube.com https://intakeforms.sequencehealth.com https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; 5 frame-ancestors 'self'; object-src 'none'; 5 default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';img-src * data: blob: 'self' *.doubleclick.net dc.ads.linkedin.com analytics.twitter.com t.co;block-all-mixed-content;upgrade-insecure-requests; 5 frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl itesco.sk 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com www.google-analytics.com; 5 frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com https://app.accelus.com 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5 default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 5 object-src 5 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 5 base-uri 'self';frame-ancestors 'self';frame-src *;object-src 'none'; 5 frame-ancestors 'self' *.authorize.net 5 default-src 'self' data: ps.w.org *.hubspot.com p.adsymptotic.com secure.gravatar.com yoast.com *.yoast.com www.google.com www.google.co.uk *.linkedin.com www.googleadservices.com www.youtube.com *.vimeo.com www.google-analytics.com stats.g.doubleclick.net dc.services.visualstudio.com fonts.gstatic.com cdn-cookieyes.com *.cookieyes.com;script-src 'self' www.googleadservices.com cdn.mxpnl.com cdnjs.cloudflare.com unpkg.com js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hsleadflows.net tribl.io js.hs-scripts.com cdn-cookieyes.com ws.zoominfo.com *.doubleclick.net extend.vimeocdn.com snap.licdn.com www.google.com www.gstatic.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com;frame-ancestors 'self' 5 upgrade-insecure-requests; default-src https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' 5 frame-ancestors 'self' https://fuse.pav.portals.swisslife.ch https://fuse.portals.swisslife.ch 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.stockdio.com t2mstatus.com *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com *.hotjar.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com mktdplp102cdn.azureedge.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com cdn.ampproject.org *.msecnd.net *.cloudflare.com *.googletagmanager.com *.hms-networks.com *.livechatinc.com *.wistia.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.windows.net ewonsupport.biz *.ewonsupport.biz api.stockdio.com t2mstatus.com *.microsoft.com *.hms-networks.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.cloudflare.com *.googletagmanager.com *.livechatinc.com *.wistia.net; font-src 'self' *.windows.net *.fontawesome.com api.stockdio.com t2mstatus.com *.microsoft.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.googletagmanager.com *.livechatinc.com *.wistia.net; img-src 'self' https://p.adsymptotic.com *.azurewebsites.net api.stockdio.com t2mstatus.com *.microsoft.com *.baidu.com *.google.fi *.google.com t.co *.linkedin.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com *.hms-networks.com *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com *.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com platform.twitter.com/css/ *.twimg.com data: blob: *.googletagmanager.com *.wistia.net; media-src 'self' t2mstatus.com api.stockdio.com *.hms-networks.com *.azureedge.net data: blob: *.googletagmanager.com *.livechatinc.com *.wistia.net; child-src 'self' hms.neckarfreunde.net *.bihl-wiedemann.de *.jacando.io api.stockdio.com t2mstatus.com *.microsoft.com *.qq.com *.intesis.com *.hotjar.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ *.dynamics.com *.google.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube-nocookie.com *.googletagmanager.com *.livechatinc.com *.wistia.net; connect-src 'self' *.hotjar.io *.windows.net *.dynamics.com api.stockdio.com *.hotjar.com t2mstatus.com *.microsoft.com *.leadinfo.net *.leadinfo.com *.baidu.com stats.g.doubleclick.net accounts.google.com https://*.insight.sitefinity.com *.visualstudio.com *.google-analytics.com *.hms-networks.com *.googletagmanager.com *.livechatinc.com *.wistia.net; 5 child-src * 5 “upgrade-insecure-requests;†5 frame-ancestors 'self' *.egovcdn.com 5 default-src 'self' https://*.facebook.com https://pr-cpt-ap-lx.amerihealthcaritas.com https://stats.g.doubleclick.net https://*.cavulus.com https://*.darwinrx.com https://*.google.com https://*.amerihealthcaritas.com https://*.auntbertha.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.crownpeak.com https://*.crownpeak.net https://*.doubleclick.net https://*.formularynavigator.com https://*.google-analytics.com https://*.googletagmanager.com https://*.icontact.com https://*.serving-sys.com https://*.time.ly https://*.youtube.com https://*.ytimg.com https://*.gstatic.com; img-src * data:;script-src 'self' https://*.facebook.net https://ajax.googleapis.com https://amerihealth.enroll.cavulus.com https://*.google.com https://formularynavigator.com https://pr-cpt-ap-lx.amerihealthcaritas.com https://stats.g.doubleclick.net https://*.time.ly https://*.cavulus.com https://*.darwinrx.com https://*.amerihealthcaritas.com https://*.auntbertha.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.crownpeak.com https://*.crownpeak.net https://*.doubleclick.net https://*.formularynavigator.com https://*.google-analytics.com https://*.googletagmanager.com https://*.icontact.com https://*.serving-sys.com https://*.time.ly https://*.youtube.com https://*.ytimg.com https://*.gstatic.com 'unsafe-inline' 'unsafe-eval' ;style-src 'self' https://app.icontact.com https://fonts.googleapis.com https://*.google.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com 'unsafe-inline' ;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; 5 block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' 5 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 5 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 5 frame-ancestors 'self' https://*.lucky311.com https://*.playcx.com https://*.playdublinbet.com https://*.play31.com https://*.premierlivecasino.com https://*.sterlingcdn.com https://sterlingcdn.com https://*.lucky31fr.com https://*.casinoextra2.com https://*.sterlingcdn.com https://*.streatapp.com https://*.casinoextra100.com https://*.dublinsbet.com https://*.lucky-31.com https://*.casinoextra3.com https://*.dublinbet1.com https://*.prontocasino.com https://*.casino-estrellas.com https://*.dublinbet.org https://*.casinoextra.net https://*.fatboss.com https://*.casinoextraclub.com https://*.lucky31club.com https://*.dublinbetenvivo.com https://*.casinoestrellavip.com https://*.fatboss1.com https://*.fatboss1.net https://*.fatbossclub.com https://*.fatbossvip.com https://*.thefatboss.com https://*.thefatboss.net https://*.casinoextra2019.com https://*.casinoestrella2019.com https://*.dublinbet2019.com https://*.prontolive.se https://*.casinoextrawin.com https://*.dublinbetwin.com https://*.lucky31win.com https://*.onlinebingowin.com https://*.casinoestrellawin.com https://*.fatbosswin.com https://*.casinoextra2020.com https://*.dublinbet2020.com https://*.lucky312020.com https://*.onlinebingo2020.com https://*.casinoestrella2020.com https://*.fatboss2020.com https://*.casinoextraofficial.com https://*.dublinbetofficial.com https://*.lucky31official.com https://*.onlinebingoofficial.com https://*.casinoestrellaofficial.com https://*.fatbossofficial.com https://*.futocasi.com https://livecasino.betamogames.com https://livecasino.casinoestrella.com https://livecasino.casinoestrella1.com https://livecasino.casinoextra.com https://livecasino.casinoextrafr.com https://livecasino.oddsextra.com https://livecasino.onlinebingo.eu https://livecasino.playdublinbet.com https://livecasino.premierlivecasino.com https://livecasino.prontocasino.com https://mtm-static.casinomodule.com https://*.yggdrasilgaming.com https://nolimitjs.nolimitcdn.com https://d1k6j4zyghhevb.cloudfront.net https://quickfire3.gameassists.co.uk https://mobile3.gameassists.co.uk https://livegames.gameassists.co.uk https://lobby-estrella.betsoftgaming.com https://starfishcasino.tain.com https://www.alteagaming.com https://starfish-godwebclient-cur.geniigaming.net https://game3.betgames.tv https://*.betamogames.com https://game.itsreal.live https://starfishmedia-prod-dgm.ps-gamespace.com https://alvcw.playngonetwork.com https://apiprod.fundist.org https://gserver-starfishmedia.redtiger.cash https://aggr.softswiss.net https://*.zendesk.com https://guezcash.com https://fastwin.pro https://specialwin.biz https://kopsoft.net https://guezcash.com https://succescode.com https://tech-analysts.com https://westernasset.pro https://invesco.pro https://fidelity.la https://software-house.biz https://biznessintelligence.net https://software-xpertz.com https://tech-helden.com 5 frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 5 true; upgrade-insecure-requests 5 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 5 default-src 'self' 'unsafe-inline' data: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.gstatic.com *.googleapis.com *.googlesyndication.com *.wir.ch wir.ch *.youtube-nocookie.com *.youtube.com *.vimeo.com *.logismata.ch *.g.doubleclick.net *.facebook.net *.facebook.com snap.licdn.com bat.bing.com *.linkedin.com *.cookiebot.com *.swisscaution.ch *.datatrans.biz *.tiqcdn.com *.tdbtrk.com *.tealiumiq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.gstatic.com *.googleapis.com *.googlesyndication.com *.wir.ch wir.ch *.youtube-nocookie.com *.youtube.com *.vimeo.com *.logismata.ch *.g.doubleclick.net *.facebook.net *.facebook.com snap.licdn.com bat.bing.com *.linkedin.com *.cookiebot.com *.swisscaution.ch *.datatrans.biz *.tiqcdn.com *.tdbtrk.com *.tealiumiq.com; frame-ancestors 'self' https://www.jobs.ch 5 frame-src 'self'; 5 default-src 'unsafe-inline' 'unsafe-eval' data: blob: https:; frame-ancestors 'self' 5 frame-ancestors 'self' http://acpmonitor/*; 5 default-src https: 5 default-src data: blob: http://* https://* wss://* 'self' 'unsafe-inline' 'unsafe-eval'; 5 default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.relap.io *.roxot-panel.com *.serving-sys.com *.vk.com adservice.google.com adservice.google.ru an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org cdn.consentmanager.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru relap.io static.criteo.net vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.relap.io *.roxot-panel.com *.serving-sys.com *.vk.com ads.betweendigital.com an.yandex.ru cdn.consentmanager.mgr.consensu.org cdn.jsdelivr.net consentmanager.mgr.consensu.org csi.gstatic.com ib.adnxs.com jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru pagead2.googlesyndication.com pb.adriver.ru prebid-bidder.rutarget.ru prebid-eu.creativecdn.com px.adhigh.net relap.io securepubads.g.doubleclick.net ssp.hybrid.ai ssp.otm-r.com static.criteo.net strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net ymetrica1.com; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coub-anubis-a.akamaized.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru tpc.googlesyndication.com vk.com www.google.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?v=30.09.21; 4 frame-ancestors 'self' *.cnbc.com *.acorns.com; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; 4 default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca an.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.net verify.yandex.ru *.verify.yandex.ru 'self'; frame-src http: https: awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; font-src http: https: data: an.yandex.ru yastatic.net yastat.net 'self'; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru static-mon.yandex.net 'self'; media-src http: https: data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net report-uri https://livejournal.com/csp_reports 4 frame-ancestors 'none'; upgrade-insecure-requests 4 upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster:; report-uri https://o378271.ingest.sentry.io/api/5201427/security/?sentry_key=b97b30d6fd6244419f1e761e6f6f319a 4 frame-ancestors *.constantcontact.com bugcrowd.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 4 frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net survey-d.dynata.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; img-src 'self' https: data: blob:; object-src https://*.engadget.com https://s.yimg.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://www.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 4 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ *.google-analytics.com https://www.gstatic.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 4 block-all-mixed-content; report-uri /csp-report?p=%21unknown; base-uri 'none'; default-src 'none'; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://www.googletagmanager.com https://ga.clearbit.com; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://www.googletagmanager.com; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net https://www.google-analytics.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://www.googletagmanager.com data: https://px.ads.linkedin.com https://p.adsymptotic.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-6hCrKkhcyMhhMFEfSpCTaBOu2I3bF+wiEjLQdI7s+jQ=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ad.doubleclick.net 'sha256-ELZBkO1eLwWs6QKigj+FQzktzusJRQek0e2CLudl4N8=' https://www.googletagmanager.com https://ga.clearbit.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 4 frame-ancestors 'self' hhs.gov *.hhs.gov 4 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 4 frame-ancestors 'self' *.shutterfly.com *.tinyprints.com *.onehippo.io; 4 default-src * data: blob: mailto: tel: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 4 frame-ancestors 'self' appsec.aarp.org secure.aarp.org feeds.aarp.org; 4 frame-ancestors 'self' https://www.google.com https://discover-hubpages-com.cdn.ampproject.org; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 4 frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 4 default-src 'self' http: https: 4 frame-ancestors 'self' https://*.adobe.com; 4 frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 4 frame-ancestors 'self' https://www.google.com https://www-si-com.cdn.ampproject.org; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 4 frame-ancestors 'self' https://*.twilio.com https://www.twilio.com;report-uri https://www.twilio.com/console/api/cspr 4 default-src 'self'; connect-src 'self' https://cdn.plyr.io https://demo-web.matomo.org https://demo.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org; script-src 'self' http://ajax.googleapis.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://static.matomo.org https://demo-web.matomo.org https://demo.matomo.org 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.matomo.org https://fonts.googleapis.com; img-src 'self' https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://demo.matomo.org https://static.matomo.org https://video.matomo.org secure.gravatar.com api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src https://www.matomo.org https://matomo.org blob:; font-src 'self' https://static.matomo.org data: https://fonts.gstatic.com https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org; 4 frame-ancestors 'self' https://ajc.newspapers.com https://*.ajchomefinder.com https://www.legacy.com 4 block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 4 frame-ancestors 'self' *.benzinga.com 4 script-src 'self' www.google-analytics.com blockchain.info 'unsafe-inline' 4 default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors https://*.ionos.com https://ionos.com; 4 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4 frame-ancestors 'self' *.lufthansa.com *.brusselsairlines.com 4 frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns https://www.scotiabank.com; 4 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com https://act.nrdc.org; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4 default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 4 default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src *; img-src * blob: data:; child-src *; media-src *; frame-ancestors 'self' *.activenetwork.com *.active.com *.activekids.com; worker-src * blob:; object-src *; 4 frame-ancestors 'self' *.bazaarvoice.com 4 script-src 'self' *.startpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' data: *.startpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com; report-uri https://www.startpage.com/do/cspvr 4 frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 4 frame-ancestors 'self' https://comscore.sharepoint.com; 4 upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 4 frame-ancestors https://app.experiencewelcome.com/ https://test-panther.pantheonsite.io/; 4 frame-ancestors 'self' https://help.patagonia.com/ https://notouchie-patagoniacommunity.cs7.force.com/ 4 frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 4 frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 4 script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https: https://api.useinsider.com; 4 frame-ancestors 'self' *.brandwatch.com; object-src 'none'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: health.gov https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://static.addtoany.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com survey.alchemer.com www.surveygizmo.com surveygizmolibrary.s3.amazonaws.com *.ytimg.com, frame-ancestors 'self' 4 default-src * data: blob: ;script-src * 'self' 'unsafe-inline' 'unsafe-eval' ;worker-src * blob: ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' static-s.aa-cdn.net *.appannie.com *.appannie.com.cn *.appannie.org;img-src * data: blob: ;font-src * data: ;media-src * data: blob: ;base-uri 'self' d6tizftlrpuof.cloudfront.net manifest.prod.boltdns.net secure.brightcove.com ;connect-src * data: blob: wss://api.appcues.net;report-uri https://sentry.smart-sense.org/api/96/csp-report/?sentry_key=28d56c139d1542a19730a3eb84757027; 4 frame-ancestors 'self' https://*.webapps.rr.com https://*.chartercom.com https://*.ispectrum.com https://*.spectrum.com; 4 upgrade-insecure-requests; default-src * data: blob: *.medallia.eu *.kampyle.com *.google-analytics.com https://unpkg.com/ https://hello.myfonts.net/count/39cfed https://monitor.clickcease.com https://www.clickcease.com/monitor/stat.js; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.medallia.eu *.kampyle.com https://jscdn.appier.net/aa.js?id=st.com https://jscdn.appier.net https://munchkin.marketo.net https://unpkg.com/ https://monitor.clickcease.com *.go-mpulse.net https://resources.digital-cloud.medallia.eu/favicon.ico https://unpkg.com/web-vitals *.go-mpulse.net/boomerang/* https://www.facebook.com/tr/ https://www.clickcease.com/monitor/stat.js https://cdn.tt.omtrdc.net https://stmicroelectronics.tt.omtrdc.net *.nrich.ai *.speedcurve.com *.3gl.net https://maps.googleapis.com https://fonts.googleapis.com/css https://maps.google.com/mapfiles/ms/icons/red-dot.png https://maps.google.com/mapfiles/ms/icons/green-dot.png https://hello.myfonts.net/count/39cfed https://*.zscaler.net *.st.com *.stmicroelectronics.com.cn browser-update.org *.blob.core.windows.net *.adobedtm.com *.demandbase.com *.s3.amazonaws.com *.ads.linkedin.com *.onetrust.com https://cdn.cookielaw.org https://snap.licdn.com https://www.google-analytics.com https://connect.facebook.net https://cdn.decibelinsight.net wss://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net; style-src * data: blob: *.medallia.eu *.kampyle.com 'unsafe-inline' https://monitor.clickcease.com https://unpkg.com/ https://www.clickcease.com/monitor/stat.js https://hello.myfonts.net/count/39cfed; connect-src 'self' *.google-analytics.com *.medallia.eu *.nrich.ai *.speedcurve.com *.kampyle.com *.go-mpulse.net *.akamaihd.net *.akstat.io https://unpkg.com/ https://anylist.c.appier.net https://jscdn.appier.net https://stats.g.doubleclick.net/* https://856-pvp-715.mktoresp.com https://munchkin.marketo.net https://stats.g.doubleclick.net https://*.go-mpulse.net/boomerang/* https://www.facebook.com/tr/ https://monitor.clickcease.com https://www.clickcease.com/monitor/stat.js https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://hello.myfonts.net/count/39cfed https://privacyportal-de.onetrust.com/request/v1/consentreceipts* *.3gl.net https://maps.googleapis.com https://fonts.googleapis.com/css https://maps.google.com/mapfiles/ms/icons/red-dot.png https://maps.google.com/mapfiles/ms/icons/green-dot.png https://*.zscaler.net *.st.com *.stmicroelectronics.com.cn *.demandbase.com *.company-target.com *.s3.amazonaws.com https://api.ipify.org https://stmicroelectronics.tt.omtrdc.net https://dpm.demdex.net https://cdn.decibelinsight.net wss://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net 4 frame-ancestors 'self' http://info.barchart.com 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://script.hotjar.com/ https://go.in.kantar.com/ https://media-cdn.ipredictive.com/js/ https://script.hotjar.com/modules.4511dadc364f0ee7084d.js https://script.hotjar.com/modules.7225c79fe4e29708c611.js https://www.googleadservices.com/ https://online2.superoffice.com/ https://script.hotjar.com/modules.cd1eea15fc08cdfc520a.js https://script.hotjar.com/modules.a6cfc71c5ac4549d913e.js https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://static.hotjar.com/c/ https://script.hotjar.com/modules.0734134ae79697970353.js https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com; connect-src *; img-src 'self' data: https://www.google.co.za/pagead/1p-user-list/668928299/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg; frame-src 'self' https://app.livestorm.co/ https://app.powerbi.com/ https://newsletterform.z6.web.core.windows.net/ https://go.in.kantar.com/ http://mkt.kantar.com/ https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://vars.hotjar.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://go.na.kantar.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com 4 upgrade-insecure-requests; default-src 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com *.altrulabs.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.continental.com www.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com www.google-analytics.com analytics-udg.netdna-ssl.com unpkg.com blob:; font-src 'self' data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.continental.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com www.google-analytics.com stats.g.doubleclick.net *.mouseflow.com; img-src * data:; media-src * blob:; 4 frame-ancestors 'self' www.jobs-im-suedwesten.de www.energyjobline.com www.onlyengineerjobs.com www.meinestelle.de www.startus.cc www.mapmeo.com www.papa-jobs.ch job.kurier.at www.jobs-in-chemie.de 4 frame-ancestors 'self' www.facebook.com www.messenger.com www.liligo.fr admin.liligo.fr; report-uri /vsctcspreport 4 default-src'self'; 4 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 4 frame-ancestors 'self' *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de; 4 default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 4 frame-ancestors *.adobe.com 4 default-src 'self' vercel.com *.vercel.com *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com *.coinbase.com *.zdassets.com cdn.sift.com cdn.segment.com cdn.ampproject.org vercel.com *.vercel.com *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com *.coinbase.com object-detection.vercel.app serverless-vrs.vercel.app github.com vercel.com *.vercel.com *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com vercel.com *.vercel.com *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' stream.mux.com *.fastly.net *.stackpathdns.com *.hwcdn.net videos.ctfassets.net blob: vercel.com *.vercel.com *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;connect-src *;font-src *.vercel.com *.gstatic.com;worker-src blob: 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.chevron.com https://assetscdn.stackla.com https://widget.stackla.com https://optanon.blob.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://chevron.az1.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://stats.g.doubleclick.net https://chevroncorp.gcs-web.com https://9853044.fls.doubleclick.net https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://www.googleadservices.com https://quiz.chevronstemquiz.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://px.ads.linkedin.com https://analytics.twitter.com https://www.facebook.com https://*.crazyegg.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://10232094.fls.doubleclick.net https://code.jquery.com https://wellplayedtest.s3.us-east-2.amazonaws.com; img-src 'self' data: https://www.chevron.com https://img.youtube.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.linkedin.com https://www.facebook.com https://t.co https://px.ads.linkedin.com https://*.adsymptotic.com https://optimize.google.com https://10232094.fls.doubleclick.net https://i.ytimg.com blob: https://www.chevron.com; style-src 'self' 'unsafe-inline' https://www.chevron.com https://fonts.googleapis.com https://optanon.blob.core.windows.net https://assetscdn.stackla.com https://vjs.zencdn.net https://optimize.google.com https://cdn.cookielaw.org https://fonts.googleapis.com; font-src 'self' data: 'unsafe-inline' https://www.chevron.com https://assetscdn.stackla.com https://fonts.gstatic.com https://optimize.google.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://178-uxe-734.mktoresp.com https://extreme-ip-lookup.com https://script.crazyegg.com https://tracking.crazyegg.com https://cdn.cookielaw.org https://dev-chevronproducts.cs194.force.com; upgrade-insecure-requests; block-all-mixed-content; 4 frame-ancestors 'self' *.cybersource.com *.salesforce.com *.force.com ; form-action *.cybersource.com *.salesforce.com *.force.com 'self' 4 frame-ancestors 'self' https://next.brella.io; 4 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 4 default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.yoast.com data: 'unsafe-inline' 'unsafe-eval' code.jquery.com *.gravatar.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools *.olympicchannel.com olympics.com; frame-ancestors 'self' atos.net *.atos.net atosnews.net atos365.sharepoint.com; 4 default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://*.oebb.at https://apis.google.com https://*.googleapis.com https://*.azureedge.net https://static.userback.io; script-src 'self' https://myincert.com/public/api/incertClient.js https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://*.azureedge.net https://static.userback.io https://walls.io https://cdn.botframework.com; connect-src 'self' https://*.oebb.at https://obc.railcargo.com https://*.azureedge.net https://directline.botframework.com wss://directline.botframework.com https://api.userback.io https://*.playertec.de https://powerva.microsoft.com; img-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://static.userback.io https://oebbtalentinastorage.blob.core.windows.net data: blob:; frame-src https://railtours.traumgutscheine.com/ https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com https://at.cloud.fabasoft.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://*.azureedge.net https://live.virtual-events.at https://*.streaming.media.azure.net https://www.traumgutscheine.com https://my.walls.io https://*.vimeo.com https://service.studiobaff.com https://*.playertec.de; frame-ancestors https://oebb-test.hafas.de https://*.oebb.at http://fahrplan.oebb.at; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 4 frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu ; 4 frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 4 frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com https://www-dev.tibco.com https://tibco.seismic.com https://www.ibi.com; report-uri /report-csp-violation 4 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' script-src: https://ajax.googleapis.com https://analytics.kaltura.com https://api.peer5.com https://bat.bing.com https://cdnapisec.kaltura.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://players.brightcove.net https://s7.addthis.com https://secure.perk0mean.com https://static.cloud.coveo.com https://tag.demandbase.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com object-src: https://fonts.gstatic.com; 4 default-src 'self' data: https:; script-src 'self' https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com 'unsafe-inline' 'unsafe-eval' https:; child-src 'self' blob:; worker-src 'self' blob:;object-src 'self'; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https: mailto: tel:; font-src 'self' data: https:; connect-src 'self' https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https: wss://*.hotjar.com; frame-ancestors 'self' https://vshow.on24.com https://login-staging.qlik.com/ https://login.qlik.com/; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests; 4 block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline' 'unsafe-eval'; 4 frame-ancestors 'self' https://wiki.abbyy.com 4 font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io; 4 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; upgrade-insecure-requests; block-all-mixed-content; 4 frame-ancestors 'self' http://www.dove.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 4 frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 4 default-src 'none'; connect-src 'self' bloghelpers.troyhunt.com links.services.disqus.com www.google-analytics.com stats.g.doubleclick.net syndication.twitter.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.google.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com; img-src 'self' c.disquscdn.com referrer.disqus.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' c.disquscdn.com disqus.com troyhunt.disqus.com www.google.com www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ 'sha256-dblwN9MUF0KZKfqYU7U9hiLjNSW2nX1koQRMVTelpsA=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg=' unpkg.com/@tryghost/; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com fonts.googleapis.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4 frame-ancestors 'self' https://www.entrust.com ; default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 4 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com; upgrade-insecure-requests; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net blob: data: 4 frame-ancestors 'self' *.regmovies.com *.authorize.net 4 frame-ancestors 'self' www.haier.com *.haier.com cnwcm.haier.com http://cnwcm.haier.com https://mgta.trs.cn http://mgta.trs.cn http://devta.trs.cn *.haier.net *.tongshuai.com *.casarte.com *.geappliances.cn 4 connect-src 'self' my-ducati-stg.s3.eu-west-1.amazonaws.com my-ducati-dev.s3.eu-west-1.amazonaws.com my-ducati-prd.s3.eu-west-1.amazonaws.com *.dynatrace.com api-public.ducati.com wurfl.io c.go-mpulse.net calculator.vwfs.com calculator.volkswagenbank.de s.yimg.com www.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net performance.typekit.net *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com secure-ds.serving-sys.com; font-src data: 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com; script-src-elem data: *.dynatrace.com assets.ducati.com platform.twitter.com pixel.mathtag.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' maps.googleapis.com s.go-mpulse.net s2.adform.net use.typekit.net wurfl.io www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de gateway.zscalertwo.net about *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com secure-ds.serving-sys.com bs.serving-sys.com; script-src *.dynatrace.com assets.ducati.com platform.twitter.com s.yimg.com use.typekit.net 'self' 'unsafe-eval' 'unsafe-inline' s.go-mpulse.net wurfl.io www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de maps.googleapis.com s2.adform.net sp.analytics.yahoo.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com; base-uri 'self' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com; frame-src pixel.mathtag.com platform.twitter.com www.youtube.com youtu.be www.facebook.com www.googletagmanager.com remove.video *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com; img-src 'self' about data: * *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com; script-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com; style-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com; style-src-elem 'self' 'unsafe-inline' assets.ducati.com fonts.googleapis.com adblockers.opera-mini.net *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com 4 frame-ancestors https://www.cedars-sinai.org/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 4 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://forms.hubspot.com www.connectidfeed.com otp.tools.investis.com irs.tools.investis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud unpkg.com tools.luckyorange.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com brightcove.hs.llnwd.net cf-images.eu-west-1.prod.boltdns.net *.wpengine.com https://exceptions.hs-embed-reporting.com; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud settings.luckyorange.com wss://mqtt.luckyorange.com/mqtt public-auth-dot-lucky-orange.appspot-preview.com api-preview.luckyorange.com; report-uri /report-csp-violation 4 frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn 4 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.sprinklr.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: *.sprinklr.com; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src * blob:; worker-src * blob:; 4 frame-ancestors 'self' connectappypie.com googleapis.com reveal.clearbit.com; 4 frame-ancestors 'self' https://tryamp.msiteproject.com https://your-domain.cdn.ampproject.org https://your-domain.amp.cloudflare.com https://cdn.ampproject.org https://mytaj.tajhotels.com/ https://uatmytaj.tajhotels.com/ https://author-taj-prod65a.adobecqms.net/ 4 default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src http: https: data: ; font-src http: https: data: 4 default-src 'self' 'unsafe-inline' www.pentair.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.pentair.com assets.adobedtm.com apps.bazaarvoice.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.cloudfront.net cdn.cookielaw.org cdn.curator.io st1.dialogtech.com googleads.g.doubleclick.net connect.facebook.net www.google.com www.googleadservices.com www.google-analytics.com maps.googleapis.com www.googletagmanager.com www.gstatic.com *.ss-omtrdc.net script.hotjar.com static.hotjar.com cdn.jsdelivr.net geolocation.onetrust.com polyfill.io cdn.roirevolution.com cdn.storepoint.co use.typekit.net www.youtube.com *.bazaarvoice.com *.taboola.com bat.bing.com *.criteo.net *.criteo.com *.affirm.com mpsnare.iesnare.com cdn.jst.ai tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com *.jst.ai view.ceros.com twin-iq.kickfire.com js.adsrvr.org insight.adsrvr.org *.salesforceliveagent.com *.force.com *.salesforce.com aa.trkn.us *.licdn.com tag.simpli.fi urldefense.com; style-src 'self' 'unsafe-inline' www.pentair.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.curator.io use.fontawesome.com fonts.googleapis.com placehold.it display.ugc.bazaarvoice.com tags.srv.stackadapt.com twin-iq.kickfire.com *.salesforceliveagent.com *.force.com *.salesforce.com; font-src 'self' data: www.pentair.com maxcdn.bootstrapcdn.com cdn.curator.io use.fontawesome.com fonts.gstatic.com use.typekit.net script.hotjar.com; connect-src 'self' www.pentair.com *.algolia.com *.algolia.net *.algolianet.com insights.algolia.io cdn.cookielaw.org api.curator.io dpm.demdex.net pentairmg.demdex.net stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.googleapis.com *.hotjar.com *.omtrdc.net *.ss-omtrdc.net privacyportal.onetrust.com s7d2.scene7.com api.vimeo.com trc-events.taboola.com bat.bing.com *.affirm.com *.bazaarvoice.com cds.taboola.com tags.srv.stackadapt.com *.jst.ai pentairmgglobalstaging.112.2o7.net wss://ws4.hotjar.com twin-iq.kickfire.com js.adsrvr.org insight.adsrvr.org *.taboola.com *.salesforceliveagent.com wss://*.hotjar.com *.force.com *.criteo.net *.criteo.com; frame-src 'self' www.pentair.com *.doubleclick.net www.google.com vars.hotjar.com www.pentairpoolimages.com www.pentairpartners.com where-to-buy.co www.facebook.com pentairmg.demdex.net www.youtube.com gum.criteo.com *.affirm.com static.criteo.net *.bazaarvoice.com cdn.jst.ai view.ceros.com twin-iq.kickfire.com js.adsrvr.org insight.adsrvr.org *.salesforceliveagent.com *.adsrvr.org *.force.com aa.trkn.us *.salesforce.com; img-src * data:; media-src *; frame-ancestors 'self' www.pentair.com *.doubleclick.net www.google.com vars.hotjar.com www.pentairpoolimages.com www.pentairpartners.com where-to-buy.co www.facebook.com pentairmg.demdex.net www.youtube.com gum.criteo.com *.affirm.com static.criteo.net *.bazaarvoice.com cdn.jst.ai view.ceros.com twin-iq.kickfire.com *.salesforceliveagent.com *.force.com aa.trkn.us *.salesforce.com; 4 frame-scr https://library.ymcapps.net 4 frame-ancestors 'self' https://webvisor.com 4 'self' 4 frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; connect-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https: blob:; font-src 'self' data: https:; 4 frame-ancestors 'self' https://c360.cricketwireless.com; 4 object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.bootstrapcdn.com *.facebook.net *.tctm.co *.clickdimensions.com *.googleadservices.com *.doubleclick.net *.trustarc.com globalstar.clarip.com *.addthis.com *.addthisedge.com *.bizographics.com *.linkedin.com *.gstatic.com unpkg.com rawgit.com *.avmws.com *.incontact.com jira.globalstar.com *.licdn.com *.zoominfo.com *.xg4ken.com *.cardinalcommerce.com *.cookielaw.org *.onetrust.com *.adroll.com static.cloudflareinsights.com 4 frame-ancestors 'self' *.lovecrafts.com 4 object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 4 frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net 4 frame-ancestors 'self' rtvs.sk *.rtvs.sk *.dev.rtvs.sk rtvs.org *.rtvs.org 4 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 4 default-src * 'unsafe-inline' data:; img-src * 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.google.co.uk *.google.com.ua *.direct.ingenico.com cc-cdn.com *.google.nl *.appsflyer.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com https://script.hotjar.com; object-src 'self' ; frame-src 'self' data: *.facebook.com https://platform.twitter.com/ *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be *.googlesyndication.com https://www.covidchecker.com *.direct.ingenico.com *.modirum.com *.thomascook.com; form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io *.thomascook.com; 4 frame-ancestors 'self' experience.adobe.com invescogroup.experiencecloud.adobe.com 4 default-src https: ws: data: blob: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ *.888-uae.com *.888games-uae.com *.888casino-uae.com *.arabiccasino888.com *.888-casinoarabic.com *.888casino-promotions.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888.pt *.888casino-arabic.com *.888casino-games.com *.888poker.ca *.888sport.ca *.888casino.ca *.888.ca cmsp; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 4 frame-ancestors 'self' *.knoema.com *.knoema.org 4 frame-ancestors 'self' https://*.salesforce.com 4 default-src 'self' *.svc.dynamics.com *.transactcampus.com https://www.transactcampus.com/ *.google-analytics.com *.bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.cdn.ampproject.org *.unpkg.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.unpkg.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js *.assets.adobedtm.com *.bat.bing.com https://bat.bing.com/bat.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.transactcampus.com https://www.transactcampus.com/ www.transactcampus.com https://bat.bing.com; media-src 'self' data: blob:; frame-src 'self' *.svc.dynamics.com *.youtube.com https://app.smartsheet.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.transactcampus.com https://www.transactcampus.com/ *.stats.g.doubleclick.net https://bat.bing.com/bat.js; 4 default-src https: 'unsafe-eval' 'self' data: ws.pusherapp.com wss: bugherd-attachments.s3.amazonaws.com screenshots.bugherd.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' static.addtoany.com www.bugherd.com kit.fontawesome.com ka-p.fontawesome.com ws.pusherapp.com fonts.googleapis.com sockjs.pusher.com www.google-analytics.com www.googletagmanager.com; object-src ws.pusherapp.com; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' data: fonts.googleapis.com; media-src https: data: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com ka-p.fontawesome.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net; report-uri /report-csp-violation 4 : upgrade-insecure-requests 4 default-src https://s3.amazonaws.com/tmp.prod.crm.talent-community-assets/34730_TalentCommunity_30a2a17f-3c34-4dbe-a11c-065ccbc99e9a_logo-radancy-color-no-tag.png http://localhost:5500 https://www.googleoptimize.com http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; script-src https://static.survale.com https://track.survale.com https://app.survale.com https://static.survale.com/ext/survey.js https://s3.amazonaws.com/tmp.prod.crm.talent-community-assets/34730_TalentCommunity_30a2a17f-3c34-4dbe-a11c-065ccbc99e9a_logo-radancy-color-no-tag.png http://localhost:5500 https://www.googleoptimize.com http://localhost https://radancy.dev https://*.radancy.com https://d1emzqdvia1vut.cloudfront.net/2.6.1/sp.js https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; frame-src https://app.survale.com https://s3.amazonaws.com/tmp.prod.crm.talent-community-assets/34730_TalentCommunity_30a2a17f-3c34-4dbe-a11c-065ccbc99e9a_logo-radancy-color-no-tag.png http://localhost:5500 https://www.googleoptimize.com http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; connect-src https://app.survale.com https://s3.amazonaws.com/tmp.prod.crm.talent-community-assets/34730_TalentCommunity_30a2a17f-3c34-4dbe-a11c-065ccbc99e9a_logo-radancy-color-no-tag.png http://localhost:5500 https://www.googleoptimize.com http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; img-src https://static.survale.com https://app.survale.com https://s3.amazonaws.com/tmp.prod.crm.talent-community-assets/34730_TalentCommunity_30a2a17f-3c34-4dbe-a11c-065ccbc99e9a_logo-radancy-color-no-tag.png http://localhost:5500 https://www.googleoptimize.com http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; font-src https://s3.amazonaws.com/tmp.prod.crm.talent-community-assets/34730_TalentCommunity_30a2a17f-3c34-4dbe-a11c-065ccbc99e9a_logo-radancy-color-no-tag.png http://localhost:5500 https://www.googleoptimize.com http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; style-src https://static.survale.com https://s3.amazonaws.com/tmp.prod.crm.talent-community-assets/34730_TalentCommunity_30a2a17f-3c34-4dbe-a11c-065ccbc99e9a_logo-radancy-color-no-tag.png http://localhost:5500 https://www.googleoptimize.com http://localhost https://radancy.dev https://*.radancy.com https://*.gstatic.com https://*.truste.com https://*.twitter.com https://*.talentbrew.com https://www.radancy.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com data: https://*.cloudflare.com https://*.tmpwebeng.com https://*.licdn.com https://*.ads-twitter.com https://*.facebook.net https://*.ads.linkedin.com https://*.co https://*.adsymptotic.com https://www.google.com https://www.facebook.com https://*.google.com https://*.g.doubleclick.net https://go.pardot.com/ 'unsafe-inline' 'unsafe-eval' https://*.talentbrew.io https://*.doubleclick.net/ https://*.googleapis.com ; 4 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 4 default-src https: 'unsafe-eval' 'unsafe-inline' 4 frame-ancestors 'self' https://cart.penguinrandomhouse.com/ 4 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: 4 frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 4 frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' *.litix.io secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com 4 frame-ancestors "self" www.charleskeith.com www.pedroshoes.com 4 frame-ancestors 'self' https://duffandphelps.360learning.com 4 default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu data: fonts.gstatic.com *.cachefly.net *.platnosci.pl www.praguecitytourism.cz www.praguecitytourism.com;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com *.doubleclick.net *.google-analytics.com www.praguecitytourism.cz www.praguecitytourism.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com cdn.tiny.cloud *.gstatic.com www.praguecitytourism.cz www.praguecitytourism.com;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl *.google-analytics.com tickets.colosseum.eu;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz *.imedia.cz app.powerbi.com;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz *.imedia.cz app.powerbi.com;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl *.tinymce.com *.seznam.cz www.praguecitytourism.cz www.praguecitytourism.com;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl cdn.tiny.cloud www.praguecitytourism.cz www.praguecitytourism.com;object-src 'self' cdn-vsh.prague.eu 4 connect-src 'self' *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://*.onlim.com wss://app.onlim.com/api/cs/ws wss://api.onlim.com/cs/ws *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at; style-src 'self' styles.wienerstadtwerke.at 'unsafe-inline' fonts.googleapis.com *.onlim.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.chatvisor.com; base-uri 'self' *.onlim.com; script-src *.googletagmanager.com/ connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at *.onlim.com *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self'; frame-src *.facebook.com lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self'; media-src 'self' data: *.onlim.com; img-src *.facebook.com facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self'; default-src 'self'; font-src 'self' *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com; 4 default-src 'unsafe-inline' 'unsafe-eval' https: data:; object-src 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests 4 base-uri 'self'; style-src 'self'; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'none' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 4 upgrade-insecure-requests; frame-ancestors 'none' 4 default-src 'self'; block-all-mixed-content; script-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jtl-software.com https://jira.jtl-software.de https://maps.googleapis.com https://www.youtube.com https://stats.jtl-software.de https://www.google.com https://www.gstatic.com https://consent.jtl-software.de https://snap.licdn.com https://tpc.googlesyndication.com data:; img-src 'self' https://i.ytimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.de https://bat.bing.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com https://bilder.jtl-software.de https://cdn.jtl-software.com https://lh3.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://cbks0.googleapis.com/ https://geo0.ggpht.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.jtl-software.de https://stats.jtl-software.de https://www.google.com https://img.youtube.com https://consent.jtl-software.de https://www.google.ch https://www.google.de https://www.google.at https://www.google.pl https://www.google.com.ua https://www.google.com.pk https://www.google.hu https://www.google.co.uk https://www.google.dk https://www.google.br https://www.google.it https://www.google.ae https://www.google.ca https://www.google.hr https://www.google.com.au https://www.google.sk https://www.google.es https://www.google.ie https://www.googletagmanager.com https://www.google.com.tr https://www.google.cz https://www.google.be https://www.google.co.in https://www.google.ge https://www.google.nl https://www.google.lu https://www.google.fr data:; style-src 'self' 'unsafe-inline' https://cdn.jtl-software.com https://fonts.googleapis.com https://www.google.com https://consent.jtl-software.de; font-src 'self' https://cdn.jtl-software.com https://fonts.gstatic.com https://fonts.googleapis.com data:; frame-src 'self' https://bid.g.doubleclick.net https://www.facebook.com/ https://www.youtube.com https://www.google.com https://jira.jtl-software.de https://consent.jtl-software.de; form-action 'self' https://kundencenter.jtl-software.de https://jtl-software.us9.list-manage.com https://checkout.jtl-software.com/ https://www.facebook.com; base-uri 'self'; connect-src 'self' https://api.personio.de https://adservice.google.com https://bat.bing.com https://www.facebook.com https://stats.g.doubleclick.net/ https://www.google-analytics.com https://www.google.com https://stats.jtl-software.de https://consent.jtl-software.de; manifest-src 'self'; media-src 'self'; worker-src 'self' https://www.google.com; frame-ancestors 'self'; report-uri https://report.api.jtl-software.com/csp/; 4 default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; 4 default-src 'self' https://* 'unsafe-eval' 'unsafe-inline' data:; frame-src 'self' mailto: https://*.legrandav.com https://*; connect-src 'self' wss://*.mypurecloud.com/ wss://*.hotjar.com/ https://*; 4 frame-ancestors 'self' http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888poker.ca *.888sport.ca *.888casino.ca *.888.ca cmsp; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 4 upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 4 default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data: https:; font-src * 'self' data: https:; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; base-uri *; 4 upgrade-insecure-requests; form-action 'self' 4 frame-ancestors 'self' *.qfc.cn *.tnc.com.cn www.zhidaoai.com *.aliyuncs.com *.aliyun.com *.ctcn.com.cn 4 frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4 default-src 'self' https://*.extole.io https://*.xtlo.net; object-src 'self'; child-src 'self' ujet.co *.ujet.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forter.com *.go2bank.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://api.cloudsponge.com; connect-src 'self' *.go2bank.com *.google-analytics.com *.appsflyer.com *.go2bank.com *.appsflyer.com go2bank.sjv.io kampyle.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.extole.io https://*.xtlo.net; img-src 'self' i.ytimg.com *.go2bank.com *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob: https://*.extole.io https://*.xtlo.net data: https://api.cloudsponge.com https://*.walmartmoneycard.com ; style-src 'self' 'unsafe-inline' *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: kampyle.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com; frame-ancestors 'self' https://*.greendot.com https://*.go2bank.com https://*.walmartmoneycard.com;; 4 base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://*.vee24.com https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://uk.personalcard.net https://www.facebook.com wss://*.vee24.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://aapmbea2.be.srv.dev.sys:8200 https://*.contentsquare.net; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://*.vee24.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/; default-src 'none'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://fonts.googleapis.com https://fonts.gstatic.com https://static.vee24.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbcgroup.eu https://*.vee24.com https://*.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://*.vee24.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://maps.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://static.vee24.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://img.youtube.com https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.kbc-group.com https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://static.vee24.com https://web.vee24.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://fonts.googleapis.com https://static.vee24.com; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://fonts.googleapis.com https://static.vee24.com; worker-src blob:; 4 frame-ancestors 'self' https://app.storyblok.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com; connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https: http: https://cdn.amplitude.com https://api.amplitude.com https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://boards-api.greenhouse.io https://api.statuspage.io https://pgncd.notion.so; font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com; img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com; frame-src https: http:; media-src https: http: 4 frame-ancestors https://*.flexera.com https://*.flexerasoftware.com https://*.revenera.com https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.parp.gov.pl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://stats.g.doubleclick.net; 4 frame-ancestors 'self' https://webtour360.ru https://new-depo.ru https://depomoscow.ru https://360space.ru https://vseapteki.ru; 4 frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.reciteme.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.criteo.com *.criteo.net *.googleapis.com *.facebook.net *.twitter.com *.instagram.com *.reciteme.com; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.criteo.com *.criteo.net *.googleapis.com *.ingest.sentry.io *.dkms.org *.dkms.de *.dkms-bmst.org *.dkms.org.uk *.dkms.org *.dkms.pl *.dkms.cl *.dkms-africa.org *.dkms-lab.de *.reciteme.com https://connect.facebook.net https://platform.twitter.com https://platform.twitter.com; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.facebook.com *.gstatic.com *.googleapis.com *.reciteme.com *.snapscan.io *.zapper.com *.ytimg.com; font-src 'self' data: *.gstatic.com *.reciteme.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.reciteme.com *.youtube-nocookie.com *.twitter.com *.facebook.com *.instagram.com *.criteo.com *.piwik.pro; object-src 'none'; form-action 'self'; 4 frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com *.medical-xprt.com medical-xprt.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net adservice.google.com *.adservice.google.com cardinalcommerce.com *.cardinalcommerce.com paypal.com *.paypal.com *.d35rpq4gusjz9h.cloudfront.net d35rpq4gusjz9h.cloudfront.net; frame-ancestors 'self' *.environmental-expert.com *.xprt.com *.agriculture-xprt.com *.energy-xprt.com *.medical-xprt.com environmental-expert.com xprt.com agriculture-xprt.com energy-xprt.com medical-xprt.com 4 : default-src 'self' 4 default-src 'self' cdn.register.to 'unsafe-eval' https:; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.register.to tld.register.to cdn.ywxi.net www.google-analytics.com seal.websecurity.norton.com s3-us-west-2.amazonaws.com www.trustedsite.com cdn.jsdelivr.net www.google.com cdn.datatables.net https:; style-src 'unsafe-inline' https:; manifest-src 'self' cdn.register.to 'unsafe-eval' https:; 4 default-src * 'unsafe-inline' 'unsafe-eval' data:; media-src * blob:; child-src * blob:; report-uri /report-csp-violation 4 default-src 'self'; upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mbb.eet-china.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://pos.baidu.com https://www.eet-china.com https://static-eetc.oss-cn-shenzhen.aliyuncs.com https://dup.baidustatic.com https://site.eet-china.com https://apps.bdimg.com https://www.googletagmanager.com https://hm.baidu.com https://www.googletagservices.com https://www.google-analytics.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://adservice.google.com https://res.wx.qq.com; style-src 'unsafe-inline' https:;font-src https: data:; img-src data: blob: https:;connect-src https:;frame-src https:;media-src https: 4 frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 4 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io *.traderstation-international.com; 4 default-src 'self' blob: https://*.map.qq.com ; connect-src 'self' https://*.mapbox.com https://*.tiles.mapbox.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.googlesyndication.com https://translate.googleapis.com https://*.parkopedia-ppds.com https://*.google.com https://slack.com https://*.parkopedia.com https://*.primer.io *.cardinalcommerce.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.map.baidu.com https://*.baidu.com https://*.bdstatic.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://d.adroll.mgr.consensu.org https://*.primer.io https://*.google.com https://*.google.gr *.cardinalcommerce.com includestest.ccdc02.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.map.baidu.com https://*.baidu.com https://*.bdstatic.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://d.adroll.mgr.consensu.org https://*.primer.io https://*.google.com https://*.google.gr *.cardinalcommerce.com includestest.ccdc02.com;style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://*.fuelcdn.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.fontawesome.com https://*.tiles.mapbox.com https://*.gstatic.com https://*.mapbox.com https://unpkg.com https://*.primer.io;font-src 'self' 'unsafe-inline' chrome-extension data: https: https://*.fontawesome.com http://fonts.gstatic.com;img-src 'self' blob: data: https: http://p.parkopedia.com http://p.parkopedia.cn http://*.openstreetmap.org;frame-src 'self' https://*.g.doubleclick.net https://*.qq.com https://*.google.com https://*.stripe.com https://*.googlesyndication.com https://*.parkopedia.com https://*.parkopedia.co.uk https://*.dcos.parkopedia.com https://*.localhost.com https://*.localhost.co.uk https://www.recaptcha.net https://*.primer.io https://*.parkopedia-ppds.com *.cardinalcommerce.com;object-src blob: data: https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.localhost.com https://*.parkopedia.com;report-uri https://csp.parkopedia.com/api/csppolicyreport/?apiver=23&cid=avalon_iu4ryufghgjrf 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://discoverireland.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://googleads.g.doubleclick.net https://script.hotjar.com https://scripts.hotjar.com https://in.hotjar.com https://vars.hotjar.com https://static.hotjar.com https://vc.hotjar.io https://surveystats.hotjar.io https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google.ie https://www.googleadservices.com https://optimize.google.com https://www.googleoptimize.com; img-src 'self' data: blob: https://discoverireland.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://googleads.g.doubleclick.net https://script.hotjar.com https://scripts.hotjar.com https://in.hotjar.com https://vars.hotjar.com https://static.hotjar.com https://vc.hotjar.io https://surveystats.hotjar.io https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google.ie https://www.google.es https://www.google.co.uk https://www.google.de https://www.google.fr https://www.google.it https://www.googleadservices.com https://s3.amazonaws.com https://img.youtube.com https://i.ytimg.com; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com 4 frame-ancestors 'self' https://*.ci360.sas.com; 4 frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com 4 frame-ancestors 'self' https://*.ardxdigital.com; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://script.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://*.wistia.com https://cloud.typenetwork.com https://static.hotjar.com https://fonts.gstatic.com; img-src 'self' https://insights.hotjar.com https://static.hotjar.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com https://www.bclplaw.com https://www.bryancave.com; connect-src 'self' https://*.hotjar.com:* wss://*.hotjar.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com; child-src 'self' https://vars.hotjar.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net; 4 frame-ancestors officiallondontheatre.com *.officiallondontheatre.com uktheatre.org *.theatretokens.com *.solt.co.uk *.theatreartists.fund *.theatrehelpline.org *.theatremeansbusiness.info; default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 4 script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src 'none' ;base-uri 'none'; upgrade-insecure-requests; frame-ancestors 'self'; 4 upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 4 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 4 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 4 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://stats.g.doubleclick.net/ https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 4 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net data:; font-src 'self' *.gstatic.com *.fontawesome.com data:; img-src * data:; 4 default-src 'self'; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors * 'self' data: https: blob: 4 frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com; 4 default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com 4 frame-ancestors 'self' www.roompotpsa.eu survey.insocial.nl www.detolplas.nl www.familieparken.nl www.onsvakanties.nl www.vakantieparkhellendoorn.nl www.vakantievilla-met-prive-zwembad.nl www.strandparkzeeland.nl www.kronenburgersee.nl kronenburgersee.nl www.eifelpark-eks.de www.duinresortdunimar.nl dev72.lined.nl 89051.afasinsite.nl www.detwentsehoeve.nl www.edeka-reisen.de www.edeka-urlaubswelt.de www.edeka-reiselust.de www.htc-reisen.de www.mein-kleiner-urlaub.de www.bungalowpark-veluwsehoevegaerde.nl www.deriethorst.com www.drentsewold.nl f.insocial.nl; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; 4 object-src 'none'; form-action 'self'; frame-ancestors 'none' 4 frame-ancestors 'self' http://www.axe.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 4 script-src 'self' 'unsafe-inline' 4 base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.romeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 4 base-uri self 4 frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net www.onlinechatcenters.com *.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net data:; style-src 'unsafe-inline' 'self' fonts.gstatic.com www.gstatic.com fonts.googleapis.com tagmanager.google.com 4 frame-ancestors 'self' wbpa.wdo.io ru.wotblitz.com eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 4 frame-ancestors 'self' *.cogecomedia.com *.cogecolive.com *.gestionradioqc.com;upgrade-insecure-requests 4 frame-ancestors 'self' http://*.cheltenham.ecctis.co.uk; 4 frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 4 frame-ancestors 'self' https://www.bosoy-online.com 4 frame-ancestors 'self' apac.marketing.adobe.com 4 default-src * 'unsafe-inline' data: 'unsafe-eval'; 4 style-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 4 frame-ancestors 'self' *.promod.fr *.promod-dev.fr *.promod.com *.promod.de *.promod.pl *.promod.it *.promod.ch *.promod.cz *.promod.es *.promod.co.uk *.promod.eu *.promod.hu *.wonderpush.com 4 frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 4 default-src * data: 'unsafe-inline' 'unsafe-eval'; 4 frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.klm.com https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.accorhotels.com https://*.accor.com https://*.usabilla.com https://*.hotjar.com https://*.decibelinsight.net https://*.google.com https://*.google-analytics.com https://*.salesforceliveagent.com/ https://*.qualtrics.com https://*.r42tag.com https://*.relay42.com https://*.optimizely.com 'unsafe-eval' 'unsafe-inline' 4 default-src https: wss: 'self' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com nimbleswan.io static.tagboard.com; style-src 'self' https: 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; img-src 'unsafe-eval' https: data: blob: mediastream:; media-src https: 'self' *.mightycause.com w.chatlio.com blob:; font-src https: data: 'self' *.mightycause.com *.gstatic.com cdn.embedly.com; manifest-src 'self' *.mightycause.com; report-uri https://mightycause.report-uri.com/r/d/csp/reportOnly 4 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 4 frame-ancestors 'self' hivebrite.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 4 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 4 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4 frame-ancestors 'self' *.usabilla.com https://frontend.pttn.com https://d6tizftlrpuof.cloudfront.net; 4 default-src 'self' data: file: blob: filesystem: *.advarra.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.advarra.com *.cookiepro.com *.driftt.com *.facebook.com *.facebook.net *.fbevents.js *.google-analytics.com *.googlesyndication.com *.google.com *.googleadservices.com *.googletagmanager.com googleads.g.doubleclick.net *.hotjar.com *.licdn.com px.ads.linkedin.com *.litix.io *.marketo.com *.marketo.net *.newrelic.com *.nr-data.net *.omappapi.com *.onetrust.com *.ads-twitter.com *.twitter.com *.wistia.com *.wistia.net *.zoominfo.com; style-src 'self' 'unsafe-inline' *.advarra.com *.cookiepro.com *.google.com *.googletagmanager.com *.googleapis.com *.marketo.com *.typekit.net; img-src 'self' data: a.omappapi.com *.advarra.com *.adsymptotic.com *.cookiepro.com *.facebook.com *.facebook.net *.googlesyndication.com *.google-analytics.com *.google.com googleads.g.doubleclick.net *.googletagmanager.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net secure.gravatar.com t.co px.ads.linkedin.com px4.ads.linkedin.com *.linkedin.com; font-src 'self' data: *.typekit.net fonts.gstatic.com; connect-src 'self' *.advarra.com *.cookiepro.com *.fbevents.js *.facebook.com *.google.com *.googlesyndication.com www.google-analytics.com wss://ws7.hotjar.com *.hotjar.com *.hotjar.io *.omappapi.com *.litix.io *.mktoresp.com *.mktoutil.com *.nr-data.net stats.g.doubleclick.net *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; media-src 'self' data: file: blob: filesystem: *.advarra.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net; object-src *; frame-src 'self' *.advarra.com *.driftt.com *.facebook.com bid.g.doubleclick.net *.hotjar.com *.google.com *.googlesyndication.com *.marketo.com t.co embedwistia-a.akamaihd.net *.wistia.net *.wistia.com *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.advarra.com *.forteresearch.com *.forteresearchapps.com *.nimblify.com *.tableau.com; block-all-mixed-content 4 frame-ancestors 'self' http://webvisor.com; 4 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 4 default-src https: wss: 'unsafe-eval' 'unsafe-inline'; media-src 'self' data: blob: https:; object-src 'self' blob:; img-src 'self' data: https: blob:; font-src 'self' data: https:; frame-ancestors 'self' https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 4 default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; child-src * 'self' blob: http:;font-src * data: 4 default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.eu01.nr-data.net s-agent.newrelic.com sp.analytics.yahoo.com s.yimg.com userprotect.de.stihl-dns.net tagmanager.google.com www.google-analytics.com www.googletagmanager.com analytics-udg.netdna-ssl.com assets.adobedtm.com maps.googleapis.com typekit.net *.typekit.net *.adyen.com *.geoplugin.net *.openweathermap.org *.google.com *.google.de *.gstatic.com *.criteo.net *.criteo.com *.g.doubleclick.net *.facebook.net *.bing.com *.outbrain.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.ytimg.com *.mouseflow.com *.pinimg.com *.excentos.com *.media01.eu *.googleadservices.com *.en25.com *.oracleinfinity.in *.maxymiser.net *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.stihl.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.tiqcdn.com *.google.com *.unpkg.com unpkg.com *.guuru.com *.tealiumiq.com *.newrelic.com *.b2x-env.cloud; connect-src 'self' *.pinterest.com s.yimg.com bam.eu01.nr-data.net *.youtube-nocookie.com *.google.com *.google.de analytics.google.com *.g.doubleclick.net *.bing.com stihl-sso.com stihl.tui-servicelayers.io ext.nonstoppartner.net www.google-analytics.com *.omtrdc.net *.demdex.net adobeioruntime.net *.adobeioruntime.net maps.googleapis.com typekit.net *.typekit.net *.mouseflow.com stihlb2bdocuments.blob.core.windows.net *.excentos.com *.media01.eu checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com ssl.geoplugin.net collect.tealiumiq.com api.openweathermap.org *.guuru.com; img-src 'self' *.criteo.com *.smaato.net *.pinterest.com *.pinterest.de *.google.ch *.doubleclick.net *.rubiconproject.com *.smartadserver.com *.3lift.com *.adnxs.com *.yahoo.com *.casalemedia.com *.pubmatic.com *.360yield.com *.openx.net *.twiago.com *.adscale.de *.adform.net *.advertising.com *.teads.tv *.media.net *.yieldlab.net *.omnitagjs.com *.bidswitch.net *.sharethrough.com *.ivitrack.com *.e-planning.net *.stickyadstv.com *.tremorhub.com *.taboola.com *.googleusercontent.com *.youtube-nocookie.com *.atdmt.com *.criteo.net *.ytimg.com stats.g.doubleclick.net *.google.com *.google.de www.google-analytics.com www.googletagmanager.com *.facebook.com *.bing.com *.outbrain.com *.everesttech.net *.demdex.net *.omtrdc.net static.stihl.com *.stihlusa.com typekit.net *.typekit.net *.gstatic.com maps.googleapis.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com data: *.mouseflow.com *.excentos.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.stihl.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.facebook.net *.googleadservices.com *.maxymiser.net *.mgid.com *.guuru.com *.kargo.com *.liadm.com *.smartclip.net *.addthis.com *.yandex.ru *.b2x-env.cloud *.tealiumiq.com *.postrelease.com *.krxd.net *.tapad.com *.yieldmo.com *.thebrighttag.com *.bluekai.com *.clmbtech.com *.ants.vn *.rlcdn.com *.fwnm.net *.microad.jp; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.excentos.com *.googletagmanager.com; font-src 'self' cdnjs.cloudflare.com *.typekit.net typekit.net fonts.googleapis.com fonts.gstatic.com data: *.mouseflow.com *.excentos.com *.guuru.com; frame-src 'self' *.criteo.net userprotect.de.stihl-dns.net *.criteo.com e.video-cdn.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.demdex.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com static.stihl.com *.fls.doubleclick.net *.mouseflow.com *.excentos.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.redintelligence.net track.adform.net pixel.mathtag.com *.fls.doubleclick.net *.maxymiser.net *.guuru.com; child-src 'self' *.mouseflow.com *.guuru.com 4 img-src * data: blob: 4 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 4 frame-ancestors 'self' https://*.moody.edu 4 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com google-analytics.com static.hotjar.com js.hsforms.net js.hs-scripts.com cdn.bizible.com *.wistia.com *.doubleclick.net 4 frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 4 default-src 'self' https://*.ean.com https://*.google.ie https://*.facebook.com https://*.facebook.net https://*.expediapartnersolutions.com https://*.leadspace.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com data: 'unsafe-eval' 'unsafe-inline' 4 frame-ancestors 'self' http://bleudigo.the513.top https://www.indigo-net.com https://www.indigo.fr; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: bing.com *.bing.com youtube.com *.youtube.com *.wistia.net wistia.net wistia.com *.wistia.com happyfoxchat.com *.happyfoxchat.com *.dianomi.com itstracking.com *.angelpub.com *.angelnexus.com *.wealthdaily.com *.energyandcapital.com *.outsiderclub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.gstatic.com *.googletagmanager.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleusercontent.com *.googleoptimize.com *.blueconic.net *.doubleclick.net *.cloudflare.com *.criteo.net *.criteo.com addevent.com *.addevent.com *.bootstrapcdn.com *.rawgit.com *.github.io *.jquery.com *.pingdom.net *.taboola.com *.outbrain.com *.hotjar.com *.yahoo.com *.liadm.com *.yimg.com *.twimg.com *.twitter.com *.ads-twitter.com *.pinimg.com *.pinterest.com *.onesignal.com onesignal.com *.litix.io *.soundcloud.com *.akamaihd.net *.amzglt.com amzglt.com t.co lockerdome.com trk.lockerdome.com *.zedo.com cm.mgid.com *.go2cloud.org bbm.iljmp.com secure.verifiedlink.net px.khmtrack.com tracking.imspublishergroup.com cdn.jsdelivr.net powerinboxedge.com *.powerinboxedge.com lockerdomecdn.com *.lockerdomecdn.com *.norton.com *.facebook.net *.facebook.com; style-src 'self' 'unsafe-inline' onesignal.com *.github.io *.twitter.com *.twimg.com cdn.jsdelivr.net *.outsiderclub.com *.energyandcapital.com *.wealthdaily.com *.angelpub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.bootstrapcdn.com *.googleapis.com; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.kaltura.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io https://alarmeringsapp.like.st; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://*.google.com https://www.dmi.dk 4 default-src 'self' 'unsafe-inline' *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com s.ytimg.com *.googletagmanager.com *.google-analytics.com *.serving-sys.com *.ads-twitter.com *.twitter.com *.facebook.net *.readspeaker.com sadmin.brightcove.com syndication.twitter.com cdn.syndication.twimg.com tagmanager.google.com *.vimeocdn.com; img-src 'self' data: ssl.gstatic.com https://files.fundacionlacaixa.org https://cdn.cookielaw.org *.atdmt.com www.gstatic.com *.youtube.com *.google-analytics.com *.ads-twitter.com *.facebook.net *.facebook.com t.co fonts.googleapis.com stats.g.doubleclick.net caixaforum.emexs.es cosmocaixa.emexs.es ucarecdn.com *.readspeaker.com syndication.twitter.com *.twimg.com platform.twitter.com *.fbcdn.net *.ytimg.com *.cdninstagram.com *.vimeocdn.com; frame-src 'self' https://secure-ds.serving-sys.com fls.doubleclick.net open.spotify.com caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com www.google.com *.readspeaker.com platform.twitter.com players.brightcove.net syndication.twitter.com player.vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com caixaforum.emexs.es cosmocaixa.emexs.es *.readspeaker.com platform.twitter.com *.twimg.com tagmanager.google.com *.vimeocdn.com; font-src 'self' data: *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://secure-ds.serving-sys.com https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org caixaforum.emexs.es cosmocaixa.emexs.es 4 default-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 4 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com; connect-src 'self' nzdf.test:8080; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 4 default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 4 default-src: 'self'; 4 frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 4 default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' http: data: 4 upgrade-insecure-requests; default-src 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.linkedin.com *.bizographics.com *.loggly.com *.doubleclick.net *.wistia.com *.twimg.com *.twitter.com *.googleadservices.com *.facebook.com *.googletagmanager.com *.snapengage.com *.visualwebsiteoptimizer.com *.facebook.net *.iforex.com *.google-analytics.com *.bootstrapcdn.com *.youtube.com *.wistia.net *.opmnstr.com *.webapi-services.net *.googlesyndication.com *.optnmnstr.com *.mxpnl.net https://pixel-tracking.appspot.com https://pixelmachine-981.appspot.com *.mte-media.com mte-media.com *.typekit.net *.optimizely.com d5phz18u4wuww.cloudfront.net *.hotjar.com *.ads-twitter.com *.finadsr.com wcs.naver.net *.criteo.net *.criteo.com https://s.yimg.com https://sp.analytics.yahoo.com *.fihtrader.com *.vestle.com; img-src 'self' data: blob: *; font-src 'self' data: blob: *.gstatic.com *.bootstrapcdn.com *.typekit.net *.webapi-services.net *.hotjar.com; connect-src 'self' data: *.doubleclick.net *.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net *.googletagmanager.com *.opmnstr.com *.mxpnl.net *.iforex.com *.webapi-services.net *.litix.io *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.finadsr.com *.snapengage.com *.criteo.com *.criteo.net *.iforex.co.uk *.vestle.com *.toredofx.com https://s.yimg.com *.fihtrader.com; child-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-src 'self' data: gap: *.webapi-services.net *.facebook.com *.twitter.com *.google.com *.linkedin.com *.snapengage.com *.youtube.com *.wistia.com *.googlesyndication.com *.googletagmanager.com *.iforex.com https://fast.wistia.net *.hotjar.com *.criteo.com; media-src 'self' blob: data: *.iforex.com *.webapi-services.net *.gstatic https://embedwistia-a.akamaihd.net *.mte-media.com *.snapengage.com *.wistia.com; object-src 'self' https://embed-ssl.wistia.com *.mte-media.com; worker-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-ancestors 'self' *.iforex.com *.iforex.co.uk *.vestle.com *.toredofx.com; report-uri https://content.webapi-services.net/api/cspreport; 4 default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 4 img-src http: https: blob: data: 'unsafe-inline' 'unsafe-eval'; default-src http: https: blob: data: 'unsafe-inline' 'unsafe-eval' 4 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 4 default-src https: 'unsafe-inline' 'unsafe-eval' data:; 4 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;media-src 'self' 'unsafe-inline' *;font-src 'self' 'unsafe-inline' *;frame-src 'self' *; img-src 'self' data: *;connect-src * 4 default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 4 default-src 'self' consentcdn.cookiebot.com *.adobe.com bcove.video optimize.google.com *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.media.brightcove.com hlstoken-a.akamaihd.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com manifest.prod.boltdns.net eba-api.uk.experian.com smeservices.uk.experian.com *.hotjar.com sjs.bizographics.com cdn.taboola.com trc.taboola.com *.js.ubembed.com *.events.ubembed.com assets.ubembed.com www.dwin1.com bat.bing.com t.co cdn.smct.co smct.co j.flxpxl.com *.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com www.google-analytics.com ssl.google-analytics.com adservice.google.com adservice.google.co.uk ajax.googleapis.com www.google.co.uk analytics.twitter.com platform.twitter.com static.ads-twitter.com *.linkedin.com www.facebook.com connect.facebook.net *.outbrain.com builder-assets.unbounce.com *.boldchat.com www.dianomi.com *.pingdom.net *.cloudfront.net *.eloqua.com *.quantserve.com rules.quantcount.com img.en25.com snap.licdn.com secure.livechatinc.com maxcdn.bootstrapcdn.com *.gstatic.com experian-thinking.s3-eu-west-1.amazonaws.com cdn.livechatinc.com themes.googleusercontent.com translate.googleapis.com *.experian.com ui.customsearch.ai hosteduxprod.blob.core.windows.net *.brightcove.com *.brightcove.net vjs.zencdn.net *.adobedtm.com *.demdex.net *.omniture.com *.youtube.com *.hotjar.io; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net https://www.youtube.com https://s.ytimg.com https://cdn.sendpulse.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.sendpulse.com https://fonts.googleapis.com https://platform.twitter.com; img-src 'self' data: https://* http://*; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://push.newsdaily.biz; 4 default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.reachtheworldonfacebook.com reachtheworldonfacebook.com;style-src data: blob: 'unsafe-inline' * *.reachtheworldonfacebook.com reachtheworldonfacebook.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' media-dev-reachtheworldonfacebook.s3.us-east-2.amazonaws.com media-reachtheworldonfacebook.s3.ap-southeast-1.amazonaws.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.mktoresp.com;font-src * data: blob: 'self' *.reachtheworldonfacebook.com reachtheworldonfacebook.com;img-src * data: blob: 'self' *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.google-analytics.com;media-src * data: blob: 'self' *.reachtheworldonfacebook.com reachtheworldonfacebook.com;frame-src * data: blob: 'self' *.reachtheworldonfacebook.com reachtheworldonfacebook.com;block-all-mixed-content;upgrade-insecure-requests; 4 frame-ancestors 'self' https://*.superoffice.com 4 frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 4 frame-ancestors 'self' *.canotech.fr *.mathador.fr *.reseau-canope.fr *.edutheque.fr *.viaeduc.fr *.quiziniere.com 4 frame-ancestors https://100jahre.caritas-stpoelten.at/ https://abrakadabra.caritas-tirol.at/ https://abz-wielandgasse.caritas-steiermark.at/ https://agkom.caritas.at/ https://aguk.caritas.at/ https://agyoungcaritas.caritas.at/ https://www.caritas-stadtteilarbeit.at/ https://freiwillige.caritas-wien.at/ https://fs-grabenstrasse.caritas-steiermark.at/ https://spenden.helfen.at/ https://hlw.caritas-kaernten.at/ https://intern.sob-linz.at/ https://jahresbericht.caritas-stpoelten.at/ https://la-rottenmann.caritas-steiermark.at/ https://seegasse.caritas-wien.at/ https://sob.caritas-kaernten.at/ https://sob.caritas-wien.at/ https://test04.caritas.at/ https://test11.caritas.at/ https://test13.caritas.at/ https://test20.caritas.at/ https://vorlagen.caritas.at/ https://wirkungsbericht.caritas-burgenland.at/ https://wirkungsbericht.caritas-salzburg.at/ https://wirkungsbericht.caritas-wien.at/ https://www.caritas.at/ https://www.caritas-austria.at/ https://www.caritas-bigs.at/ https://www.caritas-bildungszentrum.at/ https://www.caritas-burgenland.at/ https://www.caritas-commit.at/ https://www.caritas-foundation.at/ https://www.caritas-jobs.at/ https://www.caritas-kaernten.at/ https://www.caritas-leo.at/ https://www.caritas-linz.at/ https://www.caritas-ooe.at/ https://www.caritas-pflege.at/ https://www.caritas-rundumbetreut.at https://www.caritas-salzburg.at/ https://www-caritas-salzburg-at.caritas.host https://www.caritas-schulen.at/ https://www.caritas-steiermark.at/ https://www.caritas-stiftung.at/ https://www.caritas-stpoelten.at/ https://www.caritas-tirol.at/ https://www.caritas-vorarlberg.at/ https://www.caritas-wien.at/ https://www.caritas-wiewirwirken.at/ https://www.caritasabend.at/ https://www.caritasakademie.at/ https://www.carla.at/ https://www.carla-vorarlberg.at/ https://www.carla-wien.at/ https://www.diesozialschule.at/ https://www.fsbwr-neustadt.ac.at/ https://www.hilfswerk-sr-emmanuelle.at/ https://www.homelessworldcup.at/ https://www.internationalerfreiwilligeneinsatz.at/ https://www.josee.at/ https://www.junges-wohnen.at/ https://www.lebensraeume-caritas.at/ https://www.neuearbeit.or.at/ https://www.obenauf.cc/ https://www.paraplue-steyr.at/ https://www.patenschaften.at/ https://www.perspektive-handel.at/ https://www.project-bera.eu/ https://www.schule-am-himmel.at/ https://www.schwangerenberatung.at/ https://www.sob-caritas.at/ https://www.sob-linz.at/ https://www.speisewagen-caritas.at/ https://www.unser-wirken.caritas-kaernten.at/ https://www.winternothilfe.at/ https://www.zeitschenken.at/ https://www.gruft.at/ https://www.opentalk.at/; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googleapis.com *.paypal.com *.paypalobjects.com *.youtube.com; img-src 'self' data: *.google.ch *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.ytimg.com 4 script-src 'self' 'unsafe-eval' 'unsafe-inline' * 4 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:; 4 default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 4 frame-ancestors 'self' *.azdev.direct *.adobe.com 4 default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 4 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 4 object-src 'none'; form-action 'self' 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 4 frame-ancestors 'self' godaddy.com *.godaddy.com test-godaddy.com *.test-godaddy.com dev-godaddy.com *.dev-godaddy.com *.dev-godaddy.com:8443 4 frame-ancestors 'self' piwik.mpg.de statistics.mpg.de analytics.mpg.de; 4 default-src https: ws: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://affiliate.fwd.com.ph https://portal.fwd.com.vn https://affiliate.ifwd.co.id https://www.fwd.com.my; 4 default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: piwik.bmvg.de *.video-cdn.net *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://piwik.bmvg.de/report-uri/ 4 default-src https: 'unsafe-inline' 'unsafe-eval'; 4 default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 4 frame-ancestors 'self' http://odc.world http://www.odc.world https://odc.world https://www.odc.world http://testspace.brain-berlin.com https://testspace.brain-berlin.com; 4 default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 4 report-to 'none' 4 default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 4 default-src https: http: data: wss: blob: 'unsafe-inline'; object-src 'none'; script-src 'self' https: http: 'unsafe-eval' 'unsafe-inline' 4 frame-ancestors 'self' https://app.socialscreen.com 4 default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 4 default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com 'unsafe-eval'; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au mipubapistorageprod.blob.core.windows.net; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com mipubapistorageprod.blob.core.windows.net; frame-src 'self' *.youtube.com *.vimeo.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com 4 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4 default-src * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 4 script-src https://translate.google.com/ https://translate.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://translate.googleapis.com/ 'self'; 4 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; upgrade-insecure-requests; report-uri https://uvinum.report-uri.io/r/default/csp/enforce 4 frame-ancestors 'self' https://helicon.webhare.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com *.livechatinc.com https://analytics.ajla.net https://js-agent.newrelic.com/nr-1184.min.js https://bam.nr-data.net 4 default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 4 default-src 'self' *.googlesyndication.com *.hotjar.com; connect-src 'self' wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com securepubads.g.doubleclick.net stats.g.doubleclick.net *.gstatic.com *.google-analytics.com *.googlesyndication.com *.bugsnag.com *.biznettechnologies.com ws://*.biznettechnologies.com wss://*.biznettechnologies.com *.zuppler.com ws://*.zuppler.com wss://*.zuppler.com *.braintreegateway.com *.braintree-api.com *.stripe.com *.worldpay.com *.usersnap.com s.yimg.com; frame-src 'self' *.google.com *.googlesyndication.com aexp.demdex.net *.aexp.demdex.net *.omtrdc.net *.hotjar.com *.braintreegateway.com www.facebook.com; style-src 'self' 'unsafe-inline' *.googleapis.com cloud.typography.com hello.myfonts.net/count/3b4b0c www.skymilesdining.com *.hotjar.com; font-src 'self' *.hotjar.com data: *.zopim.com *.gstatic.com; img-src 'self' *.zopim.io *.zopim.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.gstatic.com data: stats.g.doubleclick.net loyaltypartner.122.2o7.net *.omtrdc.net *.ggpht.com seal-chicago.bbb.org *.google.com *.zuppler.com dbgcbnch6yz43.cloudfront.net *.hotjar.com *.usersnap.com *.gravatar.com *.wp.com *.googletagmanager.com www.facebook.com sp.analytics.yahoo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googlesyndication.com *.doubleclick.net *.zopim.com assets.adobedtm.com aexp.demdex.net *.omtrdc.net assets.zendesk.com *.zdassets.com seal-chicago.bbb.org *.hotjar.com nexus.ensighten.com *.netlify.com *.netlify.app *.biznettechnologies.com *.zuppler.com *.stripe.com *.worldpay.com *.usersnap.com *.googletagmanager.com connect.facebook.net s.yimg.com; form-action 'self' www.facebook.com; 4 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 4 default-src 'self' *.hotetec.com; connect-src 'self' ws: *.hotetec.com *.google.com *.optimizely.com *.hijiffy.com *.hotelinking.com *.criteo.com *.clarity.ms *.smooch.io *.quicktext.im *.sendpulse.com *.reviewpro.com backend.fideltour.com stats.g.doubleclick.net www.google-analytics.com in.hotjar.com www.123compare.me cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com www.googleadservices.com www.google.es www.facebook.com dev-traffic.attby.io vc.hotjar.io *.parthenon.io *.triptease.io api.rollbar.com www.thehotelsnetwork.com *.majestic-resorts.com *.chatbot.com; frame-src *; ; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4 frame-ancestors 'self'; base-uri 'self'; object-src 'self'; 4 default-src https: data: 'unsafe-eval' 'unsafe-inline'; 4 frame-ancestors 'self' app.optimizely.com unileverde.inone.useinsider.com *.adobe.com *.adobemc.com 4 frame-ancestors 'self' valk.com *.valk.com valk.be *.valk.be vandervalk.de *.vandervalk.de; 4 frame-ancestors https://*.qq.com 3 frame-ancestors 'self' www.walmart.com wallet.walmart.com; media-src cyborg-wm-auth-service-v2.jet.com; report-uri https://csp.walmart.com/c/r/gl 3 frame-ancestors 'self' *.grammarly.com 3 report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com ajax.aspnetcdn.com ajax.googleapis.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com imasdk.googleapis.com js.rbxcdn.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com authsite.roblox.com *.googletagmanager.com *.googleadservices.com https://googleads.g.doubleclick.net cdn.veriff.me 3 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* *.twitter.com *.twimg.com *.ads-twitter.com vk.com *.vk.com ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.stripe.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net *.hotjar.com:* *.hotjar.io wss://*.hotjar.com p2a.co *.profitwell.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com code.jquery.com cdn.embedly.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org core.spreedly.com *.airbrake.io browser-update.org d2yyd1h5u9mauk.cloudfront.net web.delighted.com change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com *.hotjar.com *.hotjar.io d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self' 3 frame-ancestors 'self' *.intranet *.uolinc.com; 3 frame-ancestors 'self' *.pathfactory.com *.lookbookhq.com *.newrelic.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com https://x.clearbitjs.com http://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://client-registry.mutinycdn.com https://client.mutinycdn.com/ https://user-data.mutinycdn.com; connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https: http: https://cdn.amplitude.com https://api.amplitude.com https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://boards-api.greenhouse.io https://x.clearbitjs.com http://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://user-data.mutinycdn.com https://api-v2.mutinyhq.io https://api.statuspage.io https://pgncd.notion.so; font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com; img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com; frame-src https: http:; media-src https: http: 3 upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 3 frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca https://*.us.adp; 3 frame-ancestors 'self' acs.virtualeventsengine.com virtualexhibits360.com psav.digital 3 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' blob: o1.ingest.sentry.siemens-web.com edge.api.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net metrics.brightcove.com new.siemens.com assets.new.siemens.com api.dc.siemens.com w3.siemens.com searchapi.new.siemens.com privacyportal-eu.onetrust.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net blob: www.facebook.com www.google.com; default-src 'self' blob:; font-src 'self' www.siemens.com tools.adlytics.net data: fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net; img-src 'self' data: blob: android-webview-video-poster: *.siemens.com brightcove04pmdo-a.akamaihd.net *.prod.boltdns.net metrics.brightcove.com googleads.g.doubleclick.net ad.doubleclick.net www.facebook.com adservice.google.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net siemens.mindsphere.io; manifest-src 'self'; media-src 'self' manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com blob:; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com players.brightcove.net vjs.zencdn.net w3.siemens.com prod.ste.dc.siemens.com tools.adlytics.net www.googletagmanager.com connect.facebook.net snap.licdn.com www.googleadservices.com googleads.g.doubleclick.net www.google.com static.ads-twitter.com analytics.twitter.com geolocation.onetrust.com new.siemens.com; style-src 'report-sample' 'self' 'unsafe-inline' tools.adlytics.net new.siemens.com; worker-src blob:; report-uri https://o1.ingest.sentry.siemens-web.com/api/68/security/?sentry_key=b4382018df484832b4ee2501bc82cea7&sentry_environment=siemenscom-prod&sentry_release=76d53e77; 3 default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messenger.com;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.messenger.com;style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com www.messenger.com www.google-analytics.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com *.tenor.co *.tenor.com *.giphy.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com https://*.giphy.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net; 3 upgrade-insecure-requests; frame-ancestors 'self' *.nhs.uk 3 frame-ancestors https://*.facebook.com https://*.parallels.com https://*.parallels.cn; 3 default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 3 default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://builds.coreos.fedoraproject.org; 3 frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; worker-src 'self' blob:; 3 default-src http: https: data: blob:; media-src http: https: data: blob:; img-src http: https: data: blob:; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data:; worker-src http: https: data: blob:; font-src http: https: data:; 3 upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' *.coe.int 3 frame-ancestors 'self' ssense.com *.ssense.com 3 frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 3 frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.findzen.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 3 frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com 3 upgrade-insecure-requests; frame-ancestors 'self' https://www.straitstimes.com http://www.straitstimes.com; 3 default-src 'self' *.starbucks.com *.starbucksassets.com *.starbucks.ca; manifest-src 'self' *.starbucks.com *.starbucks.ca; connect-src 'self' *.starbucks.com *.starbucksassets.com *.starbucks.ca *.nr-data.net *.doubleclick.net *.optimizely.com *.go-mpulse.net *.akamaihd.net *.akstat.io https://fonts.gstatic.com *.trustarc.com *.google-analytics.com *.googlevideo.com; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; media-src 'self' blob: *.starbucks.com *.starbucksassets.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; font-src 'self' *.starbucks.com *.starbucksassets.com *.starbucks.ca https://fonts.gstatic.com *.trustarc.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucksassets.com *.starbucks.ca https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.starbucks.com *.starbucksassets.com *.starbucks.ca *.bing.com cdnjs.com *.optimizely.com *.trustarc.com *.googletagmanager.com *.google-analytics.com *.xg4ken.com *.newrelic.com *.nr-data.net *.go-mpulse.net *.doubleclick.net *.google.com *.gstatic.com; img-src 'self' data: *.starbucks.com *.starbucksassets.com *.starbucks.ca *.truste.com *.trustarc.com *.agkn.com *.google-analytics.com *.akamaihd.net *.adsrvr.org *.bing.com *.doubleclick.net *.googletagmanager.com https://*.gstatic.com *.google.com *.nr-data.net *.ytimg.com *.ggpht.com; report-uri /webhooks/csp-report; 3 default-src 'self' https: 'unsafe-inline' blob: data:; frame-ancestors 'self' 3 connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://static.accountdock.com https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 3 frame-ancestors 'self' https://metrika.yandex.ru/ 3 default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com *.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://*.decibelinsight.net *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com *.mczbf.com *.sjwoe.com analytics.tiktok.com cdn.pdst.fm *.trustpilot.com trkn.us us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm *.qualtrics.com analytics.google.com *.nextdoor.com *.google.com *.yoast.com yoast.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 3 default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com *.atdmt.com www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com *.youtube.com *.ytimg.com;style-src data: blob: 'unsafe-inline' * *.oculus.com *.facebook.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.facebook.net *.fbthirdpartypixel.com *.akamaihd.net *.oculuscdn.com *.atdmt.com data: blob: www.google-analytics.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com *.ytimg.com alb.reddit.com;frame-src *.oculus.com *.fbthirdpartypixel.com *.facebook.com *.youtube.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3 frame-src 'self' *.kidshealth.org *.doubleclick.net *.snapchat.com *.vimeo.com *.google.com *.hotjar.com *.krxd.net *.adsrvr.org *.readspeaker.com *.polldaddy.com *.familysurvey.org *.survey.fm *.pinterest.com; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paytm.com *.paytm.in *.paytmmoney.com paytmstores.com *.paytmstores.com polyfill.io widget.gleamjs.io gleamjs.io platform.twitter.com *.bintray.com bintray.com cdn.syndication.twimg.com gateway.answerscloud.com *.cloudfront.net *.google.com *.hotjar.com apis.mapmyindia.com cdn.ravenjs.com *.youtube.com *.gstatic.com *.googleadservices.com *.doubleclick.net bid.g.doubleclick.net u.heatmap.it cdn.trackjs.com s.ytimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net alipaybridge://* cdn.branch.io googleads.g.doubleclick.net app.link bid.g cdn.ampproject.org dev.visualwebsiteoptimizer.com paytmmall.com *.paytmmall.com *.insider.in paytmblogfinal.wpengine.com code.jquery.com assets.pinterest.com blob:; frame-src 'self' *.paytm.com *.paytmmoney.com *.paytm.in *.twitter.com s.ytimg.com cdn.syndication.twimg.com *.insider.in paytmblogfinal.wpengine.com code.jquery.com assets.pinterest.com *.youtube.com assets.zendesk.com apis.mapmyindia.com *.facebook.com *.google.com *.hotjar.com cdn.ravenjs.com s-static.ak.facebook.com tautt.zendesk.com paytmmall.com *.paytmmall.com polyfill.io paytmstores.com *.paytmstores.com alipaybridge://* widget.gleamjs.io gleam.io; object-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php 3 default-src 'self' p11.techlab-cdn.com; script-src 'self' 'unsafe-eval' https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de p11.techlab-cdn.com; connect-src 'self' https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de p11.techlab-cdn.com; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de data:; media-src 'self' https://assets.static-bahn.de; 3 default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 3 frame-ancestors https://app.c-spanbus.org https://*.c-span.org 3 frame-ancestors 'self' app.optimizely.com cdn.optimizely.com *.fourseasons.com; report-uri https://vmkkmcabbh.execute-api.ca-central-1.amazonaws.com/CspReportsApi 3 frame-ancestors 'self' https: *.upwave.com 3 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 3 frame-ancestors 'self' *.brightspace.com; 3 default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 3 default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: https://*.code.org https://javabuilderbeta-output.dev-code.org; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org wss://javabuilderbeta.dev-code.org; media-src 'self' https: data: https://*.code.org http://vaas.acapela-group.com https://javabuilderbeta-output.dev-code.org; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org codecurricula.com 3 worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com 3 frame-src https://*.unodc.org https://*.twitter.com https://*,youtube.com 3 frame-ancestors 'self' *.kugou.com 3 child-src 'self'; connect-src 'self' blob: https://*.akafms.net https://*.akamaihd.net https://*.media.brightcove.com https://*.brightcove.com https://*.brightcovecdn.com https://*.brightcove.net https://*.digitalpfizer.com https://*.evidon.com https://*.hotjar.com https://*.llnw.net/ https://*.llnwd.net/ https://adservice.google.com https://amer-identity.pfizer.com https://bam-cell.nr-data.net https://bam.nr-data.net https://brightcove.hs.llnwd.net https://dpm.demdex.net https://edge.api.brightcove.com https://emea-identity.pfizer.com https://house-cloudfront.ap-northeast-1.prod.boltdns.net https://house-cloudfront.ap-southeast-1.prod.boltdns.net https://house-cloudfront.ap-southeast-2.prod.boltdns.net https://house-cloudfront.eu-west-1.prod.boltdns.net https://house-cloudfront.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://knrpc.olark.com/nrpc/ https://l.betrad.com https://sitecatalyst.omniture.com/sc15/activitymap https://players.brightcove.net https://stats.addtoany.com/menu https://stats.g.doubleclick.net https://tagmanager.google.com https://vc.hotjar.io/ https://www.facebook.com https://www.google-analytics.com wss://*.hotjar.com wss://*.pfizer.com https://*.cloudfront.net/ https://*.hapyak.com/ https://pfe-pfizercom-d8-dev.s3.us-east-1.amazonaws.com https://m.addthis.com https://api-v3.conductrics.com https://cdn-v3.conductrics.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.us-east-1.amazonaws.com https://players.brightcove.net/ https://players.brightcove.net/1852113022001/ByY1aeWF_default/config.json https://players.brightcove.net/1852113022001/7eDMrqTZyS_default/config.json https://www.youtube.com/iframe_api https://svc.webspellchecker.net https://cdn-dev.pfizer.com https://cdn.pfizer.com https://readyforcures.quorum.us https://quorum-media.s3.amazonaws.com https://pfizer.sc.omtrdc.net https://zn0grp1znmntsoslu-pfizercom.siteintercept.qualtrics.com https://www.qualtrics.com https://siteintercept.qualtrics.com https://pfizercom.qualtrics.com; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://quilt-cdn.janrain.com https://script.hotjar.com https://use.fontawesome.com/releases/ https://use.typekit.net https://vjs.zencdn.net https://api2.fonts.com/ https://*.cloudfront.net/ https://www.youtube.com https://maxcdn.bootstrapcdn.com https://s3.us-east-2.amazonaws.com https://svc.webspellchecker.net https://cdn.pfizer.com https://cdn-dev.pfizer.com https://readyforcures.quorum.us https://quorum-media.s3.amazonaws.com https://zn0grp1znmntsoslu-pfizercom.siteintercept.qualtrics.com https://www.qualtrics.com https://siteintercept.qualtrics.com https://pfizercom.qualtrics.com; frame-src 'self' tel: https://*.fls.doubleclick.net https://*.janrainsso.com https://activitymap.adobe.com/sc15/activitymap/ https://bid.g.doubleclick.net https://l3.evidon.com https://players.brightcove.net https://static.addtoany.com https://static.olark.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.google.com/maps/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.youtube.com https://*.cloudfront.net/ https://s7.addthis.com https://platform.twitter.com https://syndication.twitter.com https://www.hapyak.com https://player.simplecast.com https://p2a.co https://www.pfizer.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://action.pfizer.com https://www.medrespond-pfra.com https://twitter.com https://insight.adsrvr.org https://pfe-pfizercom-d8-dev.s3.amazonaws.com/ https://docs.google.com/ https://match.adsrvr.org/ https://www.shaa.it https://cdn-dev.pfizer.com https://cdn.pfizer.com https://readyforcures.quorum.us https://quorum-media.s3.amazonaws.com https://zn0grp1znmntsoslu-pfizercom.siteintercept.qualtrics.com https://www.qualtrics.com https://siteintercept.qualtrics.com https://pfizercom.qualtrics.com; img-src 'self' about: data: https://* https://*.cloudfront.net/ https://img.youtube.com https://cdnjs.cloudflare.com https://pbs.twimg.com https://images-cdn.newscred.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://syndication.twitter.com https://abs.twimg.com https://ton.twimg.com https://platform.twitter.com https://developers.google.com https://pixel.newscred.com https://t.co/i/adsct https://tr.outbrain.com/pixel https://amplifypixel.outbrain.com/pixel https://px.ads.linkedin.com/collect https://p.adsymptotic.com/d/px/ https://app.icontact.com https://s3.us-east-2.amazonaws.com https://secure.adnxs.com https://pixel.mediaiqdigital.com https://cdn-dev.pfizer.com https://cdn.pfizer.com https://analytics.newscred.com https://analytics.welcomesoftware.com https://readyforcures.quorum.us https://quorum-media.s3.amazonaws.com https://zn0grp1znmntsoslu-pfizercom.siteintercept.qualtrics.com https://www.qualtrics.com https://siteintercept.qualtrics.com https://pfizercom.qualtrics.com; manifest-src 'self'; media-src 'self' data: blob: https://*.akafms.net https://*.akamaihd.net https://*.boltdns.net https://*.brightcovecdn.com https://*.llnw.net https://*.llnwd.net https://*.media.brightcove.com https://brightcove.hs.llnwd.net https://static.olark.com https://secure.brightcove.com/services/mobile/streaming/ https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://cdn-dev.pfizer.com https://cdn.pfizer.com; prefetch-src 'self' https://*.boltdns.net https://*.brightcovecdn.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.digitalpfizer.com https://*.janrain.com https://*.janraincapture.com https://*.janrainsso.com https://ajax.googleapis.com https://api.olark.com https://assets.adobedtm.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://connect.facebook.net https://c.evidon.com https://l.evidon.com https://d1v9u0bgi1uimx.cloudfront.net https://d29usylhdk1xyu.cloudfront.net https://d7v0k4dt27zlp.cloudfront.net/assets/ https://docs.gcs.digitalpfizer.com https://googleads.g.doubleclick.net https://js.bizographics.com https://js-agent.newrelic.com https://knrpc.olark.com/nrpc/ https://l.betrad.com https://maps.googleapis.com https://optoutapi.evidon.com https://p.adsymptotic.com https://pfizer-grv-eu.janraincapture.com https://players.brightcove.net https://px.ads.linkedin.com https://rpxnow.com/load/ https://s3.amazonaws.com/pfe_grv https://s3.amazonaws.com/pfe_im/ https://script.hotjar.com https://sjs.bizographics.com https://static.hotjar.com https://static.addtoany.com https://static.olark.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vjs.zencdn.net https://www.bizographics.com https://www.google.com/recaptcha/ https://www.google.com/search/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.linkedin.com https://*.cloudfront.net/ https://*.cloudfront.net/js/partners/brightcovePlugin/ https://*.cloudflare.com/cdn-cgi/scripts/ https://cdn.jsdelivr.net https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://platform.twitter.com https://cdn.syndication.twimg.com https://p2a.co https://www.youtube.com/iframe_api https://action.pfizer.com https://s.ytimg.com https://maxcdn.bootstrapcdn.com https://static.ads-twitter.com/uwt.js https://analytics.twitter.com https://amplify.outbrain.com https://snap.licdn.com https://app.icontact.com https://d2qrdklrsxowl2.cloudfront.net https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://js.adsrvr.org https://svc.webspellchecker.net https://tr.outbrain.com https://bam-cell.nr-data.net https://cdn.taboola.com https://trc.taboola.com https://cdn-dev.pfizer.com https://cdn.pfizer.com https://analytics.newscred.com https://analytics.welcomesoftware.com https://readyforcures.quorum.us https://quorum-media.s3.amazonaws.com https://zn0grp1znmntsoslu-pfizercom.siteintercept.qualtrics.com https://www.qualtrics.com https://siteintercept.qualtrics.com https://pfizercom.qualtrics.com cdn-v3.conductrics.com cdnjs.cloudflare.com code.jquery.com https://pkg-cdn.digitalpfizer.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://cookies.pfizer.com https://d3hmp0045zy3cs.cloudfront.net https://fast.fonts.net https://fonts.googleapis.com https://*.janrain.com https://maxcdn.bootstrapcdn.com https://pfredirect.pfizersite.io https://players.brightcove.net https://quilt-cdn.janrain.com https://s3.amazonaws.com/pfe_grv/ https://static.olark.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://translate.googleapis.com https://use.typekit.net https://*.cloudfront.net/ https://*.s3.amazonaws.com/ https://cdn.jsdelivr.net https://p.typekit.net https://www.youtube.com https://platform.twitter.com https://ton.twimg.com https://app.icontact.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://svc.webspellchecker.net https://tr.outbrain.com https://cdn-dev.pfizer.com https://cdn.pfizer.com https://readyforcures.quorum.us https://quorum-media.s3.amazonaws.com https://zn0grp1znmntsoslu-pfizercom.siteintercept.qualtrics.com https://www.qualtrics.com https://siteintercept.qualtrics.com https://pfizercom.qualtrics.com cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob:; report-uri https://pfeprod.report-uri.com/r/t/csp/enforce 3 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.dickssportinggoods.com *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.iso.gp01.pcf.dcsg.com *.googleapis.com *.pub-cdn.dksfed.com pub-cdn.dksfed.com *.certona.net *.certona.com res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com d.impactradius-event.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net dsg.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com sslwidget.criteo.com static.ads-twitter.com dynamic.criteo.com static.criteo.net widget.criteo.com sslwidget.criteo.com dis.criteo.com dis.us.criteo.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com dis.us.criteo.com cdn.hlserve.com b.hlserve.com beam.criteo.com www.google.com googleads.g.doubleclick.net adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net; 3 'frame-ancestors' http://localhost:8100 https://*.tn.gov 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob: 3 default-src 'self' * data: https: blob:; object-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * 'self' blob:; img-src * 'self' data: https: blob:; style-src * 'self' 'unsafe-inline'; font-src * data:; frame-src * 'self' 3 default-src 'self' *.carbonblack.io carbonblack.io *.cbcloud.de cbcloud.de *.cbcloud.sg cbcloud.sg *.duosecurity.com gstatic.com fonts.gstatic.com 'unsafe-inline' 3 frame-ancestors 'self' https://landing.weddingwire.com 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com; img-src 'self' data: *.afterpay.com *.clearpay.co.uk maps.gstatic.com *.googleapis.com *.ggpht cdn.builder.io static.fbot.me www.google.co.nz www.google.co.uk www.google.com www.google.com.au www.googletagmanager.com px.ads.linkedin.com www.facebook.com p.adsymptotic.com cdn.branch.io www.google-analytics.com public.fbot.me connect.facebook.net *.onetrust.com cdn.dashhudson.com likeshop.me track.linksynergy.com consent.linksynergy.com files.prezzee.com files.prezzee.com.au files.prezzee.uk; object-src 'none'; base-uri 'none'; 3 default-src 'self' data: https://*.commerce.gov https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://www.youtube-nocookie.com https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests; 3 default-src https: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com www.googletagmanager.com *.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net scout-cdn.salesloft.com static.zdassets.com widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com ws.zoominfo.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com cdn.taboola.com cdn.ranksci.com *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com;worker-src 'self' blob: 'unsafe-inline';style-src 'self' 'unsafe-inline' s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com;object-src 'self' *.foxitsoftware.com;font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com;img-src 'self' data: www.google.com www.google-analytics.com px.ads.linkedin.com cc.swiftype.com bat.bing.com images.g2crowd.com my.g2.com tr.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net www.facebook.com sealserver.trustwave.com trc.taboola.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com; 3 frame-ancestors *.motorsport.com *.motorsport.uol.com.br motorsport.uol.com.br *.autosport.com *.google.* 3 frame-ancestors 'self' *.ally.com; 3 default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' https://www.grainger.com; 3 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' recruitics.com eprotect.vantivcnp.com *.vimeo.com *.recruitics.com soundcloud.com vimeo.com *.soundcloud.com *.adspeed.net sterlingcheck.com *.sterlingcheck.com vimeocdn.com jquery.com *.jquery.com *.vimeocdn.com *.vantivcnp.com worldpay.com *.paypal.com *.worldpay.com paypal.com paypalobjects.com *.paypalobjects.com *.greenhouse.io greenhouse.io *.braintree-api.com adspeed.net adsymptotic.com *.adsymptotic.com linkedin.com *.linkedin.com ads.linkedin.com googleapis.com licdn.com google.ca *.licdn.com iterable.com *.hexagon-analytics.com *.siftscience.com *.iterable.com *.googleapis.com google.com hsforms.com hsadspixel.net hsleadflows.net hs-scripts.com hs-analytics.net hubspot.com *.google.com *.amplitude.com amplitude.com *.getsentry.com hubapi.com hsforms.net *.hscta.net hscta.net *.hsforms.net *.hubapi.com *.hsforms.com *.hsadspixel.net *.hsleadflows.net *.hs-scripts.com *.hs-analytics.net *.hubspot.com getsentry.com akamaihd.net google-analytics.com *.google-analytics.com fls.doubleclick.net googleadservices.com *.googleadservices.com wss://*.care.com *.googletagmanager.com *.care.com *.cdn-care.com g.doubleclick.net *.facebook.net *.akamaihd.net cloudfront.net *.cloudfront.net btttag.com *.btttag.com googletagmanager.com facebook.com facebook.net *.facebook.com care.com cdn-care.com *.gstatic.com siftscience.com *.pinimg.com *.google.ca *.tiqcdn.com pinimg.com pinterest.com *.pinterest.com gstatic.com *.monetate.net monetate.net hexagon-analytics.com tiqcdn.com *.googlesyndication.com *.google.de shareasale.com pmmapads.com *.shareasale.com pmqzads.com *.pmmapads.com *.pmqzads.com *.google.ie *.google.ch *.google.es *.google.nl ieframe.dll *.google.fr *.google.se *.google.fi kis.v2.scr.kaspersky-labs.com *.google.it *.snapchat.com *.ieframe.dll getletterpress.com *.getletterpress.com *.flaticon.com svc.bronze.dom.omni.carezen.net wss://*.tokbox.com talentwise.com *.talentwise.com abtasty.com *.abtasty.com tokbox.com *.tokbox.com opentok.com *.stripe.com *.indeed.com indeed.com snapchat.com sc-static.net *.sc-static.net dropbox.com *.dropbox.com ziprecruiter.com *.ziprecruiter.com *.liveperson.net stripe.com *.opentok.com google.co.in google.com.mx *.youtube.com ytimg.com youtube.com xx.fbcdn.net *.cloudinary.com cloudinary.com *.twitter.com twitter.com google.co.jp emjcd.com *.emjcd.com amazonaws.com google.co.uk google.es google.nl google.fr google.de google.ie google.ch googlesyndication.com google.com.tr *.amazonaws.com google.it google.com.sg google.com.ph liveperson.net *.bing.com bing.com google.co.za s3.amazonaws.com google.se google.fi agkn.com lpsnmedia.net *.lpsnmedia.net v.liveperson.net *.agkn.com *.ytimg.com google.com.jm google.co.nz trendmicro.com *.hsappstatic.net *.trendmicro.com hubspot.net *.usemessages.com *.hscollectedforms.net *.google.tt google.at google.ae google.com.co google.com.sa hsappstatic.net *.hubspot.net alocdn.com *.alocdn.com va.us.criteo.net *.doubleclick.net kinsights.com *.kinsights.com *.criteo.net *.criteo.com da.us.criteo.net sv.us.criteo.net us.criteo.com criteo.net criteo.com *.amazon-adsystem.com *.monetate.org monetate.org ivaws.com *.ivaws.com narrative.io *.narrative.io *.honey.io honey.io mplxtms.com quora.com *.adsrvr.org adsrvr.org amazon-adsystem.com usemessages.com google.al *.google.lt *.google.cz *.google.rs *.google.sk *.google.bg *.google.al google.tt google.com.do google.co.cr cloudflare.com google.sk google.com.au google.hu *.google.hr *.google.bs *.google.hu google.ee google.com.np *.google.ae google.bg *.google.at *.google.cl google.rs *.google.dk *.google.gr *.google.no google.cz google.lt google.hr google.bs google.com.pa google.pl google.com.ar chrome-extension jwpltx.com p.jwpcdn.com google.com.ua google.no google.pt google.com.pr google.com.tw google.co.vi ms-browser-extension google.com.hk yahoo.com *.google.pl thrtle.com *.thrtle.com google.gr google.dk hscollectedforms.net data: blob:; 3 frame-ancestors *.seismic.com *.decibel.com *.decibelinsight.net *.twitter.com *.shareaholic.net *.onetrust.com *.omtrdc.net *.demdex.net *.doubleclick.net *.shareaholic.com *.linkedin.com *.facebook.com *.eurolandir.com *.cookielaw.com *.geoip-js.com *.google-analytics.com *.google.*; 3 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src blob: js.driftt.com *.youtube-nocookie.com *.marketo.com; connect-src 'self' *.6sc.co *.6sense.com *.company-target.com *.google-analytics.com *.litix.io *.bugsnag.com *.bugherd.com *.pusher.com bugherd-attachments.s3.amazonaws.com *.mktoresp.com *.mktoutil.com *.stripe.com *.wistia.com s3.amazonaws.com api.lever.co embedwistia-a.akamaihd.net hackerone.com secure.adnxs.com stats.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com *.bugherd.com d2iiunr5ws5ch1.cloudfront.net *.trustarc.com *.typekit.net; form-action 'self' *.marketo.com *.twitter.com; frame-ancestors 'self'; frame-src 'self' fast.wistia.com js.driftt.com *.trustarc.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.marketo.com *.twitter.com my.pima.app; object-src 'self'; img-src 'self' data: *.6sc.co *.adsymptotic.com *.bidr.io *.company-target.com *.google-analytics.com *.google.com *.linkedin.com *.techtarget.com *.trustarc.com *.twimg.com *.twitter.com s3.amazonaws.com bugherd-attachments.s3.amazonaws.com d2iiunr5ws5ch1.cloudfront.net cdn.bizible.com cdn.bizibly.com cdn.ttgtmedia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com id.rlcdn.com stats.g.doubleclick.net t.co via.placeholder.com https://*.googletagmanager.com; media-src 'self' blob: data: *.wistia.com s3.amazonaws.com embedwistia-a.akamaihd.net js.driftt.com; script-src 'self' 'sha256-irDgLiTAwy41TBlsEthM8ACkswOyhizqioTpKoO+wXQ=' 'sha256-zhbl0sZX8jN5QPmxKiMTK7ATtfRG7gX6P3RpfCipGZ4=' 'sha256-mBTDWCA/b/X6hdP94T7WIOUlFGa1wyGlC8NvPHIwFDk=' 'sha256-hQ/G90zKFoi4hjw4RJH0RbeibvfwUcLDkP7n9N+ozWg=' 'sha256-hOshDjJP41kd9RTZBRclMkmjutgFxrQgMNcZj+gwKik=' 'sha256-UxNFn9BV0tbxsDIwY21jLCinM0c4xsctz5vk3jvgcA8=' 'sha256-ORZ9kU8QWBSjQiDDdmwsVmhUJl2mNvr332DvBprXQdg=' 'sha256-GIzg/vN5a9TbTavbaC/fu8ZDVJriAcj3NVOm9O9Ez7g=' 'sha256-njEVDP22SRLTbvkBGYBk/bZxj3vsHZe/TM7+ykFIPtk=' 'sha256-chw1FVji+ddLlO/RrcP3fhKOLsJUUh+FaKbjsOC2BiQ=' 'sha256-D6d37gZGDMRuNu3bDdYkGuOfCaaNGdTrB3eF5d5IU/Y=' 'sha256-XrP50Mq6s78GLH2Vyt4BfKhn8rx4OdU6FYqQGbxRuZc=' 'sha256-8+M6mWeVaqvmXQr6ICEeK1L8fOvFp6I+bpTpkYePz0Q=' 'sha256-beC9gSgoOLBjF6WPV9h2TG/2KJvbVTctAxQ9MTMyYbk=' 'sha256-4ogSPhBj5gyjxtI/kkTjyHlW/2tNk4FLetX3+ik9fPs=' 'sha256-/k3Lky8OmuiUX6COqMxH79YVPvcq2c55gd/HqG7lsi0=' 'sha256-pRMbUhnw0qjc6R64b23mwCtKdCF6fTKAYnukOH7ZzOw=' 'sha256-evOIAQWlBJQ+3KMf/PHqxrFNdU5DSFFYTRb4ZcJL6jk=' 'sha256-hU4B0G69nqzy1PZ5Jda591+j5XhFOmWiX9q0zyoaMsY=' 'sha256-fUPVzBO4Mo+NL5cVHRBbgZhsv1LF+vvQppJWvNHOPvA=' 'sha256-bav3DhTTktu5WW6mXc6L9ri8ZwCrRtn2bG3Etd0xzZQ=' 'sha256-DFFLwIcztss+sv3K4A7eR4/LomZ63ZtfLANbnojNCOc=' 'unsafe-hashes' *.6sc.co *.ads-twitter.com *.ads-twitter.com *.bred4tula.com *.bugherd.com *.cloudflare.com *.demandbase.com *.google-analytics.com *.googletagmanager.com *.jsdelivr.net *.linkedin.com *.marketo.com *.marketodesigner.com *.techtarget.com *.trustarc.com *.truste.com *.twitter.com cdn.bizible.com cdn.syndication.twimg.com d2iiunr5ws5ch1.cloudfront.net d2wy8f7a9ursnm.cloudfront.net fast.wistia.com js.driftt.com munchkin.marketo.net s3.amazonaws.com snap.licdn.com unpkg.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.marketo.com *.marketodesigner.com *.twitter.com *.typekit.net checkout.stripe.com d2iiunr5ws5ch1.cloudfront.net fast.wistia.com fonts.googleapis.com s3.amazonaws.com; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598 3 frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 3 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.ca *.interactivebrokers.com.hk *.interactivebrokers.hk *.interactivebrokers.ch *.interactivebrokers.eu *.interactivebrokers.com.sg *.ibkr.com.sg *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com IBKR.docebosaas.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.youtube.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io impact.interactivebrokers.com *.greenwichcompliance.com; 3 default-src 'self' static.zdassets.com coinex.zendesk.com coinex.zendesk.co *.viabtc.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com static.geetest.com widget-mediator.zopim.com *.zdassets.com api.geetest.com monitor.geetest.com bakapi.gtapp.xyz res.wx.qq.com coinex.zendesk.com coinex.zendesk.co *.viabtc.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network coinex.com coinex.co coinex.zone coinex.land coinex.network; style-src 'unsafe-inline' at.alicdn.com static.geetest.com coinex.zendesk.com coinex.zendesk.co dn-staticdown.qbox.me unpkg.com *.viabtc.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network coinex.com coinex.co coinex.zone coinex.land coinex.network; img-src www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com *.viabtc.com *.amazonaws.com blob: *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network coinex.com coinex.co coinex.zone coinex.land coinex.network file.coinex.com file.coinex.co file.coinex.zone file.coinex.land file.coinex.network; font-src 'unsafe-inline' at.alicdn.com data: unpkg.com *.viabtc.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network coinex.com coinex.co coinex.zone coinex.land coinex.network; connect-src coinex.zendesk.com coinex.zendesk.co coinex-help.zendesk.com coinex-help.zendesk.co *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://*.test.viabtc.com wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net *.viabtc.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* wss://*.coinex.com wss://*.coinex.co wss://*.coinex.zone wss://*.coinex.land wss://*.coinex.network ws://*.coinex.com ws://*.coinex.co ws://*.coinex.zone ws://*.coinex.land ws://*.coinex.network; frame-src player.bilibili.com player.vimeo.com *.viabtc.com *.jumio.com www.youtube.com www.ixigua.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools; media-src * 'unsafe-inline' 'unsafe-eval' data: blob: 3 object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 3 default-src 'self' *.fitchratings.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com fitchconnect.piwikpro.com cdn.polyfill.io *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com c.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbit.com *.idio.co tagmanager.google.com chart-studio.plotly.com public.flourish.studio app.fitchconnect-stg.com app.fitchconnect.com *.fitch.group static.hotjar.com script.hotjar.com vjs.zencdn.net; style-src 'self' 'unsafe-inline' blob: your.fitchratings.com fonts.googleapis.com; connect-src 'self' blob: *.fitchratings.com notify.bugsnag.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group c.evidon.com *.funnelenvy.com www.google-analytics.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com; prefetch-src 'self' *.funnelenvy.com 732-ckh-767.mktoresp.com *.boltdns.com *.betrad.com *.idio.co ga.clearbit.com house-fastly-signed-us-east-1-prod.brightcovecdn.com c.evidon.com fitchconnect.piwikpro.com munchkin.marketo.net snap.licdn.com script.crazyegg.com www.google-analytics.com www.googletagmanager.com *.brightcove.com; img-src 'self' data: trk.funnelenvy.com images.ctfassets.net *.boltdns.net metrics.brightcove.com www.google-analytics.com stats.g.doubleclick.net l.betrad.com fitchconnect.piwikpro.com *.linkedin.com p.adsymptotic.com *.idio.co *.fitch.group *.openstreetmap.org *.fitchratings.com httpsak-a.akamaihd.net script.hotjar.com; font-src 'self' data: *.fitchratings.com fonts.gstatic.com script.hotjar.com; frame-src 'self' *.fitchratings.com l3.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com vars.hotjar.com; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' blob: *.fitchratings.com *.brightcove.com videos.ctfassets.net *.akamaihd.net manifest.prod.boltdns.net; object-src 'none' 3 default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 3 upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 3 frame-ancestors 'self' tvn24.pl *.tvn24.pl 3 script-src 'self' assets.adobedtm.com *.cognizant.com insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net t.contentsquare.net t.contentsquare.net/uxa/* *.contentsquare.net api.company-target.com/* c.6sc.co cognizant.sc.omtrdc.net https: 'unsafe-inline' 'unsafe-eval' data: blob:; 3 frame-ancestors 'self' https://www.poringa.net; 3 frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 3 frame-ancestors 'self' *.springernature.com; 3 default-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net suggestions.dadata.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru code.reffection.com cdn3.caltat.com leadslabpixels.net sonar.semantiqo.com *.gestalt.email https://*.carrotquest.app https://*.carrotquest.io https://cdn.carrotquest.app https://api.carrottrack.io https://static.terratraf.io http://st.hybrid.ai/txsp.js https://qr.nspk.ru https://sync.bumlam.com static.terratraf.io https://sync.sniperlog.ru/gp/ https://synce.user-red.com/ https://sync3.adsniper.ru/ 'unsafe-inline'; frame-src *; media-src *; img-src * data: blob:; font-src *.beeline.ru data:; script-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net kasko-osago-online.ru ad.mail.ru event.getblue.io widget.getblue.io ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru code.reffection.com cdn3.caltat.com leadslabpixels.net sonar.semantiqo.com *.gestalt.email https://*.carrotquest.app https://*.carrotquest.io https://cdn.carrotquest.app https://api.carrottrack.io https://static.terratraf.io http://st.hybrid.ai/txsp.js https://qr.nspk.ru https://sync.bumlam.com static.terratraf.io https://sync.sniperlog.ru/gp/ https://synce.user-red.com/ https://sync3.adsniper.ru/ 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.beeline.ru metrika.yandex.ru mc.yandex.ru http://webvisor.com *.yandex.net *.mtproxy.yandex.net *.yandex.tld yastatic.net; connect-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net suggestions.dadata.ru kasko-osago-online.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io wss://*.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 anketa.alfabank.ru *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru code.reffection.com cdn3.caltat.com leadslabpixels.net sonar.semantiqo.com *.gestalt.email https://*.carrotquest.app wss://*.carrotquest.app https://*.carrotquest.io https://cdn.carrotquest.app https://api.carrottrack.io https://static.terratraf.io http://st.hybrid.ai/txsp.js https://qr.nspk.ru https://sync.bumlam.com static.terratraf.io https://sync.sniperlog.ru/gp/ https://synce.user-red.com/ https://sync3.adsniper.ru/ 'unsafe-inline' 3 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 3 frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com 'unsafe-eval' 'unsafe-inline'; 3 img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net bat.bing.com res.cloudinary.com dxkdvuv3hanyu.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com images.contentful.com mver.agkn.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net www.google-analytics.com lh3.googleusercontent.com maps.googleapis.com www.google.com www.google.com.pr www.google.com.br www.google.com.co www.google.ca www.google.de www.google.ie www.google.co.uk www.google.co.in www.google.co.id www.googletagmanager.com *.gstatic.com heapanalytics.com script.hotjar.com static.intercomassets.com js.intercomcdn.com *.intercomcdn.com uploads.intercomusercontent.com *.online-metrix.net *.optimizely.com *.perka.com *.rfihub.com api.swiftype.com pixel.quantserve.com apintego.com app.nav.com *.t.eloqua.com track.hubspot.com play.vidyard.com cdn.vidyard.com px.ads.linkedin.com p.adsymptotic.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io recaptcha.net js.adsrvr.org www.redditstatic.com alb.reddit.com ct.pinterest.com s.pinimg.com www.linkedin.com s.amazon-adsystem.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com data.adxcel-ec2.com s.yimg.com sp.analytics.yahoo.com *.mydisputemanager.com *.evidon.com *.qualtrics.com cx.atdmt.com; font-src data: 'self' maxcdn.bootstrapcdn.com *.clover.com cloverstatic.com dev.cloverstatic.com fonts.gstatic.com heapanalytics.com script.hotjar.com js.intercomcdn.com use.fontawesome.com *.walkme.com *.qualtrics.com; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com cloverstatic.com dev.cloverstatic.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.optimizely.com *.perka.com player.vimeo.com www.youtube.com *.ytimg.com play.vidyard.com *.lendingfront.com s.amazon-adsystem.com *.walkme.com mainstreetinsights.firstdata.com *.mydisputemanager.com insight.adsrvr.org; connect-src 'self' bat.bing.com *.clover.com cloverstatic.com dev.cloverstatic.com wss://*.clover.com *.contentful.com googleads.g.doubleclick.net stats.g.doubleclick.net secure.geonames.org www.facebook.com www.google-analytics.com apis.google.com storage.googleapis.com www.google.com *.greenhouse.io heapanalytics.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com uploads.intercomcdn.com uploads.intercomusercontent.com *.intercom.io wss://*.intercom.io h.online-metrix.net *.optimizely.com *.perka.com sentry.io *.sentry.io api.swiftype.com d8a92f8280d84184bb69a3a4b74b61d1.app-search.us-west-2.aws.found.io collection.bgalytics.com *.tt.omtrdc.net oamportal.fdvs.com *.donorschoose.org collection.sperse.io data.pendo.io recaptcha.net ct.pinterest.com *.walkme.com ordering.app s.yimg.com *.mydisputemanager.com *.evidon.com order-ahead-network-production.herokuapp.com api.thelevelup.com wss://ws4.hotjar.com *.qualtrics.com; default-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com nifegwy.neustar.biz googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.googleadservices.com www.google-analytics.com apis.google.com maps.googleapis.com tagmanager.google.com optimize.google.com www.google.com www.googletagmanager.com tracker.gaconnector.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com *.optimizely.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com www.youtube.com secure.quantserve.com *.ytimg.com *.t.eloqua.com play.vidyard.com apps.mypurecloud.com secure.adnxs.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com img.en25.com snap.licdn.com amplify.outbrain.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com recaptcha.net js.adsrvr.org www.redditstatic.com s.pinimg.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com s.yimg.com sp.analytics.yahoo.com *.mydisputemanager.com *.evidon.com *.qualtrics.com munchkin.marketo.net; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com fonts.googleapis.com tagmanager.google.com optimize.google.com heapanalytics.com *.natwest-tyl.com *.usetyl.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com *.mydisputemanager.com *.qualtrics.com; media-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com videos.ctfassets.net js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com h.online-metrix.net vd.vidoplay.com; frame-ancestors *.clover.com cloverstatic.com dev.cloverstatic.com *.natwest-tyl.com *.usetyl.com *.optimizely.com *.perka.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 3 default-src 'self' https://play.vidyard.com *.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 https://widget.sndcdn.com *.sndcdn.com https://js-agent.newrelic.com *.newrelic.com https://bam.nr-data.net *.nr-data.net *.claro.com.co *.claro.com *.googleadservices.com *.tags.bkrtx.com *.tags.bluekai.com *.amazonaws.com https://s3.amazonaws.com https://static.opentok.com https://static.opentok.com *.opentok.com https://browseranalytic.com *.browseranalytic.com https://widget.sndcdn.com *.sndcdn.com https://js.hsforms.net *.hsforms.net https://scp.kampyle.com *.kampyle.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://stati.in *.stati.in blob: https://play.vidyard.com *.vidyard.com https://static.zdassets.com https://clousc.com *.clousc.com https://static.hsappstatic.net *.hsappstatic.net https://forms.hsforms.com *.hsforms.com *.zdassets.com https://plinksoporte.zendesk.com *.zendesk.com https://play.vidyard.com *.vidyard.com https://d10lpsik1i8c69.cloudfront.net https://app.hubspot.com *.hubspot.com https://a.omappapi.com *.omappapi.com https://js.hs-scripts.com *.hs-scripts.com *.cloudfront.net https://people.wsuite.com *.wsuite.com https://js.hs-analytics.net *.hs-analytics.net https://widget-mediator.zopim.com *.zopim.com https://js.hs-banner.com *.hs-banner.com https://ajax.googleapis.com *.googleapis.com https://static.browseranalytic.com https://code.angularjs.org https://player.vimeo.com *.vimeo.com *.angularjs.org *.browseranalytic.com *.connect.facebook.net *.facebook.net https://polyfill.io *.polyfill.io https://library-sdb.apps.bancolombia.com *.bancolombia.com https://f.vimeocdn.com *.vimeocdn.com https://syndication.twitter.com *.twitter.com https://cdn.syndication.twimg.com *.twimg.com *.facebook.com *.script.hotjar.com https://asistencia.webv2.allus.com.co https://cdn.todo1.com *.todo1.com *.allus.com.co *.vars.hotjar.com *.t.co *.gstatic.com *.analytics.twitter.com *.twitter.com *.cdnjs.cloudflare.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.licdn.com *.static.ads-twitter.com *.ads-twitter.com *.p.adsymptotic.com *.adsymptotic.com *.sync.teads.tv *.facebook.com https://code.jquery.com *.jquery.com *.px.ads.linkedin.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com *.linkedin.com *.stats.g.doubleclick.net *.doubleclick.net *.static.hotjar.com https://static.hotjar.com https://tags.bkrtx.com https://tags.bluekai.com https://www.google.com https://script.hotjar.com *.grupobancolombia.com https://lptag.liveperson.net https://maps.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://unpkg.com https://accdn.lpsnmedia.net https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://www.sc.pages03.net https://www.youtube.com *.youtube.com https://resources.digital-cloud-west.medallia.com https://cdn.jsdelivr.net *.cdn.jsdelivr.net; img-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ data: https://* https://srvfrontcer.claro.com.co:7002 https://a.tribalfusion.com *.tribalfusion.com https://dpm.demdex.net *.demdex.net *.claro.com.co *.claro.com *.cloudfront.net *.px.ads.linkedin.com *.linkedin.com *.facebook.com *.amazonaws.com https://secure.gravatar.com *.gravatar.com https://pf-emoji-service--cdn.us-east-1.prod.public.atl-paas.net *.atl-paas.net https://vop.sundaysky.com *.sundaysky.com https://odr.mookie1.com *.mookie1.com https://monstat.com *.monstat.com https://pxl.jivox.com *.jivox.com https://vop.sundaysky.com *.sundaysky.com https://s3.amazonaws.com https://cdn2.hubspot.net https://i.stack.imgur.com *.imgur.com *.cloudfront.net https://widget.sndcdn.com *.sndcdn.com https://i1.sndcdn.com *.sndcdn.com https://a.omappapi.com *.omappapi.com *.hubspot.net https://upload.wikimedia.org *.wikimedia.org https://f.hubspotusercontent20.net https://play.vidyard.com *.vidyard.com *.hubspotusercontent20.net https://i1.sndcdn.com *.sndcdn.com https://track.hubspot.com https://i1.wp.com *.wp.com https://theme.zdassets.com *.zdassets.com *.hubspot.com https://soporte.plink.com.co *.plink.com.co https://cx.atdmt.com *.atdmt.com https://i.ytimg.com https://b1sync.zemanta.com *.zemanta.com https://sync.crwdcntrl.net *.crwdcntrl.net https://www.googletagmanager.com *.googletagmanager.com https://platform.twitter.com *.twitter.com https://abs.twimg.com *.ytimg.com https://i.vimeocdn.com *.vimeocdn.com https://xrbcqpor01.bancolombia.com:10039 *.bancolombia.com https://maps.googleapis.com *.googleapis.com https://yt3.ggpht.com *.ggpht.com https://connect.facebook.net *.facebook.net https://asistencia.webv2.allus.com.co *.allus.com.co *.google-analytics.com *.t.co https://t.co *.google.com https://www.google.com.co https://p.adsymptotic.com *.cdn.dynamicyield.com *.dynamicyield.com *.grupobancolombia.com https://tags.bluekai.com *.pages03.net *.maps.gstatic.com https://maps.gstatic.com *.gstatic.com https://resources.digital-cloud-west.medallia.com https://sync.teads.tv *.teads.tv https://googleads.g.doubleclick.net *.googleads.g.doubleclick.net; media-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com *.googleadservices.com *.grupobancolombia.com *.amazonaws.com *.cloudfront.net https://s3.amazonaws.com https://static.zdassets.com *.zdassets.com https://static.zdassets.com *.zdassets.com https://www.youtube.com https://asistencia.webv2.allus.com.co *.allus.com.co *.youtube.com blob: data:; frame-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 https://widget.spreaker.com *.spreaker.com *.claro.com.co *.claro.com *.googleadservices.com https://bcapi.apichefcompany.com *.cloudfront.net *.apichefcompany.com *.google-analytics.com *.facebook.com https://w.soundcloud.com *.soundcloud.com https://series1.cma.com.br *.cma.com.br https://bancolombia.olb.todo1.com *.todo1.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://extractosinternet.bancolombia.com *.bancolombia.com https://forms.hsforms.com *.hsforms.com https://play.vidyard.com *.vidyard.com https://platform.twitter.com *.twitter.com https://vars.hotjar.com https://player.vimeo.com *.vimeo.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://asistencia.webv2.allus.com.co *.allus.com.co https://series1.cma.com.br *.cma.com.br https://stags.bluekai.com https://api.skaduks.com https://bid.g.doubleclick.net *.grupobancolombia.com https://www.google.com *.google.com https://www.google-analytics.com https://cdn.dynamicyield.com *.dynamicyield.com https://lpcdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://gmsdigitales.claro.com.co:8443 https://vc.hotjar.io; style-src 'self' 'unsafe-inline' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com https://asistencia.webv2.allus.com.co https://cdnjs.cloudflare.com *.cloudflare.com https://library-sdb.apps.bancolombia.com *.bancolombia.com *.amazonaws.com https://s3.amazonaws.com https://assets.kampyle.com *.kampyle.com https://cdn2.hubspot.net *.hubspot.net https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://cdn.jsdelivr.net *.jsdelivr.net https://cdn2.hubspot.net https://assets.vidyard.com *.vidyard.com *.hubspot.net https://static.zdassets.com *.zdassets.com *.webv2.allus.com.co https://www.gstatic.com *.gstatic.com https://f.vimeocdn.com *.vimeocdn.com https://platform.twitter.com *.twitter.com https://www.grupobancolombia.com https://use.fontawesome.com *.fontawesome.com *.grupobancolombia.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://nominatim.openstreetmap.org https://servcompwctb.claro.com.co https://fonts.googleapis.com *.google.com https://www.google-analytics.com *.google-analytics.com https://www.google.com https://unpkg.com; connect-src 'self' https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://bam.nr-data.net *.nr-data.net https://srvfrontcer.claro.com.co:7002 *.claro.com.co *.claro.com https://gms-digitales.claro.com.co:8443 *.claro.com.co:8443 *.claro.com.co:8030 https://webrtc.claro.com.co:8030 *.stats.g.doubleclick.net *.cloudfront.net https://fresnel.vimeocdn.com *.vimeocdn.com data: https://player-telemetry.vimeo.com *.vimeo.com https://api-widget.soundcloud.com *.soundcloud.com https://external.apps.bancolombia.com *.bancolombia.com https://api.us.apiconnect.ibmcloud.com *.ibmcloud.com https://jsonip.com *.jsonip.com https://resources.digital-cloud-west.medallia.com *.medallia.com https://inveco-services.qdata.io *.qdata.io https://identify.hotjar.com https://wave.sndcdn.com *.sndcdn.com https://api.ipify.org *.ipify.org *.hotjar.com https://alivionofinancieros.isobarapi.com *.isobarapi.com https://130vod-adaptive.akamaized.net *.akamaized.net https://c.browseranalytic.com *.amazonaws.com https://s3.amazonaws.com *.claro.com.co *.claro.com https://forms.hsforms.com *.hsforms.com https://tpbancolombia.teleperformance.co *.teleperformance.co https://raw.vidyard.com *.vidyard.com wss://tpbancolombia.teleperformance.co *.teleperformance.co https://ekr.zdassets.com https://api-k8-cer.plink.com.co https://api.plink.com.co *.plink.com.co https://api.omappapi.com *.omappapi.com *.zdassets.com wss://widget-mediator.zopim.com *.zopim.com https://plinksoporte.zendesk.com *.zendesk.com https://settings.luckyorange.net *.luckyorange.net https://digital.sanchobbdoapp.com https://www.calculadoralaboral.co *.calculadoralaboral.co *.sanchobbdoapp.com *.browseranalytic.com https://strfeedrt01.cma.com.br *.cma.com.br https://syndication.twitter.com *.twitter.com https://stats.g.doubleclick.net https://bcapi.apichefcompany.com *.apichefcompany.com https://bid.g.doubleclick.net *.googlevideo.com https://api.skaduks.com https://nominatim.openstreetmap.org https://servcompwctb.claro.com.co:7002 *.cdn.dynamicyield.com *.dynamicyield.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.cdn.dynamicyield.com *.st.dynamicyield.com *.rcom.dynamicyield.com https://cdn.dynamicyield.com https://st.dynamicyield.com https://rcom.dynamicyield.com https://www.facebook.com https://cdn.jsdelivr.net *.jsdelivr.net *.facebook.com https://external-qa.apps.ambientesbc.com https://lpcdn.lpsnmedia.net https://firestore.googleapis.com https://www.youtube.com *.youtube.com https://9811311.fls.doubleclick.net https://webapp1.allus.com.co https://yt3.ggpht.com *.yt3.ggpht.com https://i.ytimg.com *.i.ytimg.com *.googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.grupobancolombia.com https://gmsdigitales.claro.com.co:8443 https://vc.hotjar.io; font-src 'self' data: https://clientes-ext-qa.apps.ambientesbc.com/ https://clientes-ext.apps.bancolombia.com/ https://* https://srvfrontcer.claro.com.co:7002 https://www.grupobancolombia.com *.grupobancolombia.com *.cloudfront.net https://cdnjs.cloudflare.com *.cloudflare.com https://jsbin-user-assets.s3.amazonaws.com *.amazonaws.com https://static.zdassets.com *.zdassets.com https://assets.kampyle.com *.kampyle.com https://fonts.gstatic.com *.gstatic.com https://library-sdb.apps.bancolombia.com *.bancolombia.co https://galatea-dev.apps.ambientesbc.com *.ambientesbc.com https://stackpath.bootstrapcdn.com *.bootstrapcdn.com https://use.fontawesome.com *.fontawesome.com; 3 font-src * data:; img-src * data: blob:; worker-src blob:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ceros.com *.licdn.com sc-static.net *.ywxi.net *.snapchat.com *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.survicate.com *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com marchofdimes.formstack.com api.mapbox.com events.mapbox.com *.tiles.mapbox.com cdn.heapanalytics.com heapanalytics.com *.taboola.com *.hsleadflows.net *.hsforms.com *.steelhousemedia.com secure.quantserve.com *.quantcount.com apps.rokt.com/ *.apple.com *.cdn-apple.com *.wdsvc.net *.supportgroupscentral.com; frame-ancestors 'self' *.marchofdimes.org *.marchforbabies.org *.onecause.com; 3 default-src 'self' https: data: 'unsafe-inline' 3 default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net; script-src 'self' 'unsafe-inline' https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://santanderuk.tt.omtrdc.net https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://www.youtube-nocookie.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:; 3 value 3 img-src https: data: www.googletagmanager.com; style-src https: 'unsafe-inline' https://services.postcodeanywhere.co.uk/; object-src 'none'; base-uri 'none'; font-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://services.postcodeanywhere.co.uk/ https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; default-src https: 3 frame-ancestors 'self' https://admin.vbulletin.com/ https://www.vbulletin.com/ https://members.vbulletin.com/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ https://ssl.kaptcha.com/'; script-src * blob: 'unsafe-inline' 'unsafe-eval' ; object-src *; 3 frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com customer.cludo.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net; style-src 'self' 'unsafe-inline' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net ajax.googleapis.com cloud.typography.com customer.cludo.com https://*.boisestate.edu; img-src data: * ; font-src data: cloud.typography.com 'self' https://*.boisestate.edu; connect-src 'self' api-us1.cludo.com https://*.boisestate.edu *.pusherapp.com *.pusher.com fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com; media-src 'self' https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net; object-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; worker-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; frame-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; ; frame-ancestors 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; form-action 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ bbox.blackbaudhosting.com app.everviz.com payments.blackbaud.com *.kuali.co t.unbounce.com *.hotjar.com *.bing.com *.hotjar.io connect.facebook.net *.skedda.com wss://*.hotjar.com players.brightcove.net https://doublethedonation.com/ https://www.doublethedonation.com/ frame-ancestors *.instructure.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; upgrade-insecure-requests; block-all-mixed-content; 3 default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://js.hsadspixel.net https://up.pixel.ad https://unpkg.com https://static.hotjar.com https://script.hotjar.com https://bat.bing.com https://cdn.jsdelivr.net https://www.trustradius.com https://ssl.google-analytics.com https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com https://com-avaya.netmng.com https://nan.netmng.com https://audiences.ignitionone.com https://a.rfihub.com https://c1.rfihub.net https://4529201.fls.doubleclick.net https://sp.analytics.yahoo.com com-avaya.qa.netmng.com https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.adroll.com https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://avaya.greenshootlabs.com https://*.kaltura.com https://*.linkedin.com https://*.serving-sys.com https://*.webengage.co https://*.webengage.com https://*.webtrends.com https://*.webtrendslive.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com https://*.arkoselabs.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.trustradius.com https://*.avaya.com https://*.kaltura.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://avaya.greenshootlabs.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://avayabot.avaya.com https://vc.hotjar.io https://bat.bing.com https://*.lottiefiles.com https://forms.visistat.com wss://*.hotjar.com https://*.hotjar.com https://analytics.google.com https://s1737033466.t.eloqua.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://*.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.kaltura.com https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://c.webengage.com https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://avaya.greenshootlabs.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca; frame-ancestors 'self' https://*.avaya.com ; report-uri https://ce4597319c39d6fb9172e9cd9821a217.report-uri.io/r/default/csp/enforce; 3 frame-ancestors secure.livechatinc.com www.youtube.com www.google.com 'self'; frame-src analytics.clickdimensions.com *.doubleclick.net *.dynamics.com secure.livechatinc.com www.youtube.com www.google.com 'self'; 3 default-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch; script-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://google.com http://www.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com http://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://tagmanager.google.com https://www.gstatic.com https://www.linkedin.com https://analytics.twitter.com https://px.ads.linkedin.com https://maps.googleapis.com https://platform.twitter.com https://cdn.checkout.com https://static-resource.com https://sjs.bizographics.com https://snap.licdn.com http://bat.bing.com https://bat.bing.com https://www.dwin1.com http://www.dwin1.com https://*.intercom.io http://*.intercom.io https://*.intercomcdn.com http://*.intercomcdn.com https://p.teads.tv; font-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' chrome-extension 'self' data: http://*.gstatic.com https://*.gstatic.com https://*.intercomcdn.com https://github.com/google/fonts; style-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://tagmanager.google.com; img-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' 'self' data: android-webview-video-poster https://* http://*; object-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://vjs.zencdn.net; connect-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch ws://*.infomaniak.ch:* ws://*.infomaniak.com:* wss://*.infomaniak.ch:* wss://*.infomaniak.com:* https://www.google.com https://nexus-long-poller-a.intercom.io https://*.bugsnag.com https://bat.bing.com http://bat.bing.com https://*.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://www.google.ch https://www.google.fr https://www.google.de https://www.google.be https://*.facebook.com https://*.facebook.net https://*.linkedin.com https://*.checkout.com https://*.intercom.io http://*.intercom.io wss://*.intercom.io; child-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://www.google.com https://google.com https://www.facebook.com https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://bid.g.doubleclick.net; frame-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://www.google.com https://google.com https://www.facebook.com https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://bid.g.doubleclick.net; media-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://js.intercomcdn.com; worker-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch data: blob:; report-uri /api/csp-report; 3 default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com https://*.readspeaker.com *.abtasty.com; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com https://www.youtube-nocookie.com; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://*.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline' 3 frame-src 'self' https://*.cookiebot.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.pingdom.net https://ams.creativecdn.com https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://lidl.de https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://www.google.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.lidl-gewinnspiel.de https://www.youtube.com intent: https://*.adyen.com https://*.bizrate.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.ftrace.com https://*.lidl-info.com https://*.lidl.com https://*.mynetfair.com https://*.sit.sys.odj.cloud https://*.vrxs.de https://ar.lidl.com https://balancechecks.tx-gate.com https://facebook.com https://h.online-metrix.net https://ldl.viewer.cit-fusion.com https://lidlde.int.userwerk.com https://review.apps.01.cf.eu01.stackit.cloud https://www.awin1.com https://www.edge-cdn.net https://www.lidl-gewinnspiel.de ; object-src data: https://*.cookiebot.com https://*.lidl-shop.com https://*.lidl.de https://bidswitch.net https://form.lidl.com https://lidl.de https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://www.google.com https://youtube.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.lidl-info.com https://*.online-metrix.net https://facebook.com https://h.online-metrix.net ; base-uri 'self' ; img-src 'self' data: https://*.addthis.com https://*.adnxs.com https://*.casalemedia.com https://*.cat-ret.assets.lidl https://*.cookiebot.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.retail.lidl.net https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cm.adform.net https://form.lidl.com https://lidl.de https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://www.adobe.com https://www.bing.com https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.youtube.com moz-extension: https://*.360yield.com https://*.adition.com https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.bizrate.com https://*.criteo.com https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.stickyadstv.com https://*.taboola.com https://*.twiago.com https://*.yahoo.com https://*.yieldlab.net https://analytics.google.com https://balancechecks.tx-gate.com https://contextual.media.net https://event.yoochoose.net https://facebook.com https://h.online-metrix.net https://lh3.googleusercontent.com https://lidlde.int.userwerk.com https://match.sharethrough.com https://sync.outbrain.com https://translate.google.com https://via.placeholder.com https://visitor.omnitagjs.com https://www.awin1.com https://www.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com ; report-uri https://csp-server.prod.varnish-poc.lidl-shop.com/csp/report ; frame-ancestors 'self' https://*.lidl.com https://beeem.co ; form-action 'self' https://accounts.lidl.com ; style-src 'self' https://*.cookiebot.com https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://bidswitch.net https://form.lidl.com https://lidl.de https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://www.bing.com https://www.google.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com 'unsafe-inline' https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.parcellab.com https://*.sit.sys.odj.cloud https://facebook.com https://www.bing.com ; default-src 'self' blob: data: https://*.cookiebot.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://bidswitch.net https://form.lidl.com https://lidl.de https://s.kelkoogroup.net https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://www.bing.com https://www.google.be https://www.google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com intent: wss://127.0.0.1:* https://*.8select.io https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.parcellab.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://analytics.google.com https://balancechecks.tx-gate.com https://event.yoochoose.net https://facebook.com https://fonts.gstatic.com https://h.online-metrix.net https://lidl.media01.eu https://lidlde.int.userwerk.com https://tracking.s24.com https://www.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://www.lacmp.net https://csp-server.prod.varnish-poc.lidl-shop.com ; script-src 'self' blob: https://*.cookiebot.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://lidl.de https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://www.bing.com https://www.google.com https://youtube.com https://*.youtube.com 'unsafe-eval' 'unsafe-inline' https://*.8select.io https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.lidl-info.com https://*.lidl.com https://*.online-metrix.net https://*.parcellab.com https://*.semtrack.de https://*.simplesurance.de https://adservice.google.de https://ajax.googleapis.com https://balancechecks.tx-gate.com https://cdn.ravenjs.com https://code.etracker.com https://dmp.theadex.com https://facebook.com https://h.online-metrix.net https://lidl.media01.eu https://lidlde.int.userwerk.com https://s.ytimg.com https://tracking.s24.com https://www.bing.com https://www.dwin1.com https://www.etracker.de https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.lacmp.net ; 3 frame-ancestors 'self' *.eur.nl 3 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' affiliate.tradetracker.com merchant.tradetracker.com static.hotjar.com script.hotjar.com snap.licdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com player.vimeo.com www.youtube.com s.ytimg.com code.jquery.com sc.lfeeder.com leadbooster-chat.pipedrive.com scatec.io 3 default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 3 upgrade-insecure-requests;block-all-mixed-content 3 default-src 'none';img-src data: https:;script-src 'unsafe-inline' 'unsafe-eval' blob: https:;style-src 'unsafe-inline' https:;font-src data: https:;frame-ancestors 'self';connect-src https:; media-src blob: https:;frame-src https: data: blob:;child-src https:;worker-src blob: https:;base-uri https:;form-action https: 3 frame-ancestors 'self' https://content.rockwellautomation.com; 3 default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ 3 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com app.veertly.com; report-uri /report-csp-violation 3 frame-ancestors 'self' *.optus.com.au *.ippayments.com *.pegacloud.net *.gomo.com.au *.realestate.com.au; 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 3 frame-ancestors 'self' http://ideas.cloudera.com https://ideas.cloudera.com http://pages.cloudera.com https://pages.cloudera.com https://*.kampyle.com https://*.medallia.com 3 default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/ https://ci-public.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com https://fastaction.ngpvan.com https://js2.verygoodvault.com https://profile.ngpvan.com https://d3rse9xjbp8270.cloudfront.net https://www.youtube-nocookie.com https://secure.everyaction.com https://rules.quantcount.com https://secure.quantserve.com https://www.youtube.com https://unpkg.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://static.arcgis.com https://sp.analytics.yahoo.com https://s.yimg.com https://donorbox.org https://optimize.google.com https://tagmanager.google.com https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://unpkg.com/ https://unpkg.com/leaflet@1.7.1 https://ci-public.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com https://ci-everyaction-public.s3.amazonaws.com https://d3rse9xjbp8270.cloudfront.net https://optimize.google.com https://tagmanager.google.com https://tagmanager.google.com api.tiles.mapbox.com sp13loader.ciapps.org fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src https://storage.googleapis.com https://api.mapbox.com https://ci-ooh.s3.amazonaws.com https://d1aqhv4sn5kxtx.cloudfront.net https://secure.everyaction.com https://d1aqhv4sn5kxtx.cloudfront.net https://secure.everyaction.com https://d3rse9xjbp8270.cloudfront.net http://cicloud.s3.amazonaws.com https://cicloud.s3.amazonaws.com https://pixel.quantserve.com https://njoel9cc11.execute-api.us-east-1.amazonaws.com https://d2ey44ppm6i0sm.cloudfront.net https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://d1wrq3tu9qy8md.cloudfront.net https://ci-pixel-ephemeral.s3.amazonaws.com https://ci-pixel-persistent.s3.amazonaws.com https://cicloud.s3.amazonaws.com/ https://cdn.cookielaw.org/ https://firecastwebserver01.ciapps.org https://services.arcgisonline.com https://server.arcgisonline.com https://d1iczxrky3cnb2.cloudfront.net https://ssl.gstatic.com https://www.gstatic.com http://cloud.conservation.org.s3.amazonaws.com/ https://cloud.conservation.org.s3.amazonaws.com/ https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' https://d3rse9xjbp8270.cloudfront.net sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' https://fastaction.ngpvan.com https://profile.ngpvan.com https://actions.everyaction.com https://secure.everyaction.com *.crazyegg.com https://recording.crazyegg.com https://privacyportal-eu.onetrust.com https://analytics.google.com https://stats.g.doubleclick.net https://script.crazyegg.com https://ci-public.s3.amazonaws.com https://conservation.org.s3.amazonaws.com https://dvm5qo6r5pdyf.cloudfront.net https://cdn.cookielaw.org/ https://tracking.crazyegg.com https://s.yimg.com https://api.altmetric.com https://doi.org https://api.crossref.org https://data.crossref.org https://carbonfootprint.short.car-calc.cc sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com data: blob: ; media-src https://ooh.ciapps-aws.org https://dow8iayks4wtt.cloudfront.net http://cicloud.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com civideos.ciapps.org 'self' data: blob:; child-src 'self' https://v.qq.com https://js2.verygoodvault.com https://forms.microsoft.com https://app.powerbi.com https://open.spotify.com https://donorbox.org/ https://optimize.google.com https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 3 frame-ancestors 'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com *.sas.com 3 frame-ancestors *.procore.com 3 default-src 'self' *.ncr.com *.adform.net adobe.com *.adobe.com; frame-src 'self' *.ncr.com *.hotjar.com *.hotjar.io *.demdex.net *.springcm.com *.demandbase.com *.callrail.com *.rakuten.com ncrpresalesfundrequest.secure.force.com *.doubleclick.net *.addthis.com *.salesforceliveagent.com www.youtube.com *.typeform.com *.ncrsilver.com calendly.com apisandbox.zuora.com *.artefactscloud.com www.facebook.com www.youtube-nocookie.com *.juicer.io *.linksynergy.com *.whiteboard.is marketo.net *.marketo.net marketo.com *.marketo.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com jotform.com *.jotform.com powerbi.com *.powerbi.com fliphtml5.com *.fliphtml5.com *.google.com airtable.com *.amelia.com *.webflow.io *.msgctrl.com *.whiteboard.is *.shapespark.com *.tiktok.com forms.office.com trustpilot.com *.trustpilot.com pixel.sitescout.com adobe.com *.adobe.com *.adform.net *.mathtag.com *.driftt.com *.instagram.com *.oraclecloud.com; img-src data: *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ncr.com data: *.adobedtm.com px.ads.linkedin.com *.salesforceliveagent.com googleads.g.doubleclick.net snap.licdn.com assets.juicer.io s.ytimg.com *.addthis.com *.addthisedge.com connect.facebook.net www.googletagmanager.com www.google-analytics.com sjs.bizographics.com www.googleadservices.com maps.google.com maps.googleapis.com www.youtube.com www.google.com *.hotjar.io *.hotjar.com cdn.schemaapp.com ajax.googleapis.com assets.adobedtm.com cdn.cookielaw.org img.en25.com *.typeform.com use.edgefonts.net *.rakuten.com fullstory.com *.fullstory.com *.demandbase.com *.callrail.com *.linksynergy.com *.bing.com *.cloudfront.net *.calendly.com jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com unpkg.com rtb123.com *.rtb123.com *.cybba.solutions *.cybba.us storage.googleapis.com rmtag.com *.rmtag.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com jotform.com *.jotform.com microsoft.github.io *.omtrdc.net *.bizible.com *.moatads.com *.gstatic.com *.adnxs.com *.clarity.ms *.tiktok.com *.ibytedtos.com *.tiktokcdn.com *.pixel.ad pixel.sitescout.com trustpilot.com *.trustpilot.com *.s3.amazonaws.com s3.amazonaws.com *.adform.net adobe.com *.adobe.com *.mathtag.com *.website-files.com *.cloudflare.com *.jsdelivr.net *.driftt.com assets.website-files.com assets-global.website-files.com; style-src 'self' 'unsafe-inline' *.ncr.com assets.juicer.io cdnjs.cloudflare.com fonts.googleapis.com www.youtube.com optanon.blob.core.windows.net *.hotjar.com use.edgefonts.net *.calendly.com *.cloudfront.net jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com *.tiktokcdn.com *.cookielaw.org assets.website-files.com assets-global.website-files.com *.s3.amazonaws.com s3.amazonaws.com; font-src 'self' *.ncr.com data: assets.juicer.io cdnjs.cloudflare.com fonts.gstatic.com *.hotjar.com *.hotjar.io use.edgefonts.net *.cloudfront.net *.fontawesome.com; connect-src 'self' *.ncr.com *.demdex.net *.addthis.com www.juicer.io *.hotjar.com *.hotjar.io data.schemaapp.com *.omtrdc.net wss://*.hotjar.com *.demandbase.com *.callrail.com *.s3.amazonaws.com s3.amazonaws.com api.company-target.com *.fullstory.com *.mktoresp.com *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com stats.g.doubleclick.net *.whiteboard.is *.clarity.ms *.ibytedtos.com *.mktoutil.com *.adform.net adobe.com *.adobe.com *.bing.com ; 3 default-src 'self' data: *.bouncex.net *.pressablecdn.com *.wp.com *.gravatar.com *.google-analytics.com *.hotjar.com *.doubleclick.net *.convertkit.com 'unsafe-inline'; object-src *; img-src *; media-src *; frame-src *; font-src 'self' data: *.pressablecdn.com *.wp.com *.gstatic.com maxcdn.bootstrapcdn.com; style-src 'self' *.pressablecdn.com *.wp.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' data: *.pressablecdn.com app.convertkit.com ajax.googleapis.com www.googletagmanager.com connect.facebook.net secure.gaug.es stats.g.doubleclick.net *.wp.com *.google-analytics.com *.hotjar.com *.bounceexchange.com *.optimizely.com 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: data: blob: 3 object-src 'self'; frame-ancestors 'self' 3 frame-ancestors 'self' *.winfuture.de; 3 frame-ancestors www.red-gate.com; 3 default-src 'self'; connect-src 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://forms.hubspot.com https://www.google-analytics.com https://keepersecurity.ktrjao.net https://ws.zoominfo.com https://rp.liadm.com https://s.yimg.com https://cdn.cookielaw.org https://cdn.cookielaw.org https://sdk.fra-01.braze.eu https://c.6sc.co https://secure.adnxs.com https://scheduler.ringlead.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://*.studentbeans.com https://js.driftt.com https://widget.drift.com https://forms.hsforms.com https://platform.twitter.com https://twitter.com https://click.linksynergy.com https://insight.adsrvr.org https://tr.snapchat.com; img-src 'self' https: data:; media-src 'self' https://widget.driftqa.com; script-src 'self' 'unsafe-inline' https://*.studentbeans.com https://*.searchcdn.com https://*.impactradius-event.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://js.driftt.com https://ws-assets.zoominfo.com https://js.hs-banner.com https://www.upsellit.com https://prod.upsellit.com https://b-code.liadm.com https://trk.techtarget.com https://s.yimg.com https://click.linksynergy.com https://static.ads-twitter.com https://platform.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://js.appboycdn.com https://js.adsrvr.org https://j.6sc.co https://www.googleadservices.com https://sc-static.net https://s.yimg.jp https://scheduler.ringlead.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://app.addsearch.com https://platform.twitter.com https://use.fontawesome.com; 3 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 3 frame-ancestors https://www.zyxel.com https://communicasia.zyxel.com/ https://bbwf.zyxel.com https://mwc.zyxel.com https://www.zyxel.ch https://www.zyxel.fr https://www12.zyxel.com 3 frame-ancestors 'self' *.bloomreach.cloud 3 frame-ancestors 'self' https://www.maykinmedia.nl https://www.lessonup.com https://lessonup.app 3 default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com; frame-ancestors file: cdvfile: 'self'; 3 default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 3 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 3 frame-ancestors 'self' https://dealerexperience.cadillac.com https://dealerexperience-cadillac-com.*.wpx.gm.com 3 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com *.pusher.com *.icemortgagetechnology.com *.pardot.com unpkg.com *.google.co.in 3 frame-ancestors 'self' *.ampproject.org *.zdbb.net 3 default-src * data: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self'; 3 default-src 'self'; frame-src 'self' youtube.com www.youtube.com player.vimeo.com w.soundcloud.com www.flickr.com flic.kr platform.twitter.com www.instagram.com *.google.com www.facebook.com open.spotify.com www.slideshare.net cdn.knightlab.com uploads.knightlab.com multimedia.opusdei.org www.canva.com; object-src 'self' youtube.com www.youtube.com; script-src 'self' 'unsafe-inline' opusdei.us7.list-manage.com platform.twitter.com api.twitter.com www.instagram.com www.facebook.com www.google.com www.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com odnmedia.s3.amazonaws.com widget.spreaker.com cdn.knightlab.com images-opus-dei.s3.amazonaws.com sdk.canva.com; manifest-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com cdnjs.cloudflare.com multimedia.opusdei.org odnmedia.s3.amazonaws.com odnmedia.s3.eu-west-1.amazonaws.com cdn.knightlab.com images-opus-dei.s3.amazonaws.com; img-src 'self' data: image/svg+xml images.opusdei.org multimedia.opusdei.org images-opus-dei.s3.amazonaws.com images-opus-dei.s3.eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com odnmedia.s3.amazonaws.com *.google.com www.googleapis.com *.gstatic.com img.youtube.com i.ytimg.com i.vimeocdn.com *.staticflickr.com i1.sndcdn.com odnmedia.s3.eu-west-1.amazonaws.com; worker-src 'self'; font-src 'self' fonts.gstatic.com data:; media-src 'self' multimedia.opusdei.org odnmedia.s3.amazonaws.com player.vimeo.com vod-progressive.akamaized.net; connect-src 'self' images.opusdei.org www.google-analytics.com soundcloud.com; base-uri 'self'; form-action 'self' opusdei.us7.list-manage.com www.paypal.com 3 frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3 frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com; object-src 'none'; base-uri https://optimize.google.com; block-all-mixed-content 3 frame-ancestors 'self' *.3sharecorp.com 3 object-src 'none'; block-all-mixed-content 3 default-src 'self' hawaiianairlinesinc.marketing.adobe.com data: blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com https://www.kayak.com/ 3 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: mediastream: https:; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https: 3 frame-ancestors 'self' http://*.iframely.com 3 default-src 'self' ; script-src 'self' 'unsafe-inline' * 'unsafe-eval' *; object-src 'self' 'unsafe-inline' * 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 'unsafe-eval' *; img-src 'self' 'unsafe-inline' * 'unsafe-eval' *; media-src 'self' 'unsafe-inline' * 'unsafe-eval' *; child-src 'self' 'unsafe-inline' * 'unsafe-eval' *; font-src 'self' 'unsafe-inline' * 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' * 'unsafe-eval' *; report-uri /report-csp-violation 3 default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dnbweb-editor.preview.kkn.zd.intranet.bund.de *.cloudfront.net jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 3 default-src 'self' *.ekantipur.com *.kantipurdaily.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'none'; 3 upgrade-insecure-requests; frame-ancestors 'none'; 3 frame-ancestors *.plaync.com *.ncsoft.com *.plaync.com.tw *.ncsoft.jp 3 frame-ancestors 'self' https://*.khapps.com https://*.khapps.jp; 3 frame-ancestors 'self' https://*.radford.edu; upgrade-insecure-requests; 3 default-src 'self' http://localhost:* https://*.supercharge-srp.co https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com; prefetch-src http://tpc.googlesyndication.com https://tpc.googlesyndication.com http://securepubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://tags.tiqcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' http://localhost:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://*.hotjar.com/ https://unpkg.com/ https://polyfills.io/ https://cdnjs.cloudflare.com https://cdn.ravenjs.com https://widget.intercom.io http://www.googletagservices.com https://www.googletagservices.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://adservice.google.com https://securepubads.g.doubleclick.net http://tpc.googlesyndication.com https://tpc.googlesyndication.com https://adservice.google.com.au https://adservice.google.com.hk https://adservice.google.com.sg https://js.intercomcdn.com http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.branch.io/ https://app.link/ https://www.google-analytics.com http://tags.tiqcdn.com https://tags.tiqcdn.com https://www.youtube.com https://s.ytimg.com https://*.useinsider.com https://*.sol-data.com http://*.amplitude.com https://*.amplitude.com; style-src 'unsafe-inline' 'self' http://localhost:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.googleapis.com/ https://tagmanager.google.com https://*.useinsider.com; img-src * data:; font-src 'self' https://*.jobsdb.com https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.gstatic.com/ https://static.hotjar.com/ https://js.intercomcdn.com data:; connect-src 'self' https://www.seek.com.au/ http://www.seek.com.au.staging/ https://*.seek.com http://candidate-graphql-api-candy-shared-dev-active.ap-southeast-2.elasticbeanstalk.com/ http://localhost:* ws://localhost:* https://*.sol-data.com https://*.supercharge-srp.co:8080/ https://*.jobsdb.com/ http://*.jobsdb.com/ https://dpm.demdex.net/ https://*.jobstreet.com/ http://*.jobstreet.co.id http://*.jobstreet.com.my http://*.jobstreet.com.ph http://*.jobstreet.com.sg https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg http://*.supercharge-srp.co https://*.supercharge-srp.co https://*.hotjar.com:*/ https://*.elasticbeanstalk.com:8080/ ws://*.hotjar.com/ wss://*.hotjar.com/ https://*.intercom.io wss://*.intercom.io https://securepubads.g.doubleclick.net https://csi.gstatic.com https://api2.branch.io/ https://app.link/ https://pagead2.googlesyndication.com https://*.useinsider.com https://*.amplitude.com; frame-src https://vars.hotjar.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://staticxx.facebook.com https://www.youtube.com https://*.useinsider.com https://*.safeframe.googlesyndication.com https://seekasia.demdex.net 3 frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 3 default-src 'self' * data: blob: https: *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com *.peacebanana.com *.ostrichesica.com *.cloudflareinsights.com *.cheqzone.com *.cloudfront.net *.datadoghq-browser-agent.com *.gstatic.com *.google.com *.alooma.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.googletagmanager.com *.googleapis.com *.gstatic.com; 3 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp®ion=US&lang=en-US&device=desktop&partner=frontier; 3 report-uri / 3 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; font-src * data:; img-src * data: blob: 'unsafe-inline'; frame-src sanalmarket: yenism: http://*.youtube.com https://tr.rdrtr.com https://stags.bluekai.com https://*.creativecdn.com https://creativecdn.com https://*.criteo.com https://*.facebook.com https://*.doubleclick.net https://*.api.sociaplus.com https://*.webinstats.com https://sanalmarket.api.useinsider.com https://optimize.google.com https://*.bkmexpress.com.tr https://www.linkadoo.co https://linkadoo.co https://channelconnector.smartmessage-connect.com; style-src * 'unsafe-inline'; 3 default-src 'self' https://*.liberbank.es https://realmadrid.unicajabanco.es/ https://www.google.com https://www.facebook.com/tr/ https://api.liberbank.es:80 https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.webpushr.com https://snap.licdn.com https://www.youtube.com https://www.norbolsa.es https://analytics.twitter.com https://www.liberbank.es https://realmadrid.unicajabanco.es/ https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://*.google.com https://storage.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://use.typekit.net/lzp0kbu.js https://maps.googleapis.com *.hotjar.com https://www.googleadservices.com https://bat.bing.com https://track.adform.net https://googleads.g.doubleclick.net *.browseranalytic.com browseranalytic.com https://player.vimeo.com/api/player.js https://piwik.lander.net/piwik.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/ https://connect.facebook.net https://service.force.com https://liberbankit.my.salesforce.com https://d.la1-c1-frf.salesforceliveagent.com https://onboardinglbk.secure.force.com https://s2.adform.net https://www.tarjetaplaystation.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://use.typekit.net https://use.fontawesome.com https://cdnjs.cloudflare.com https://p.typekit.net https://*.google.com https://service.force.com https://onboardinglbk.secure.force.com;img-src 'self' https://*.googleapis.com https://*.kxcdn.com https://cdn.webpushr.com https://px.ads.linkedin.com https://t.co https://www.google-analytics.com https://*.google.com https://www.facebook.com https://www.norbolsa.es data: https://p.typekit.net https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.googleapis.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://bat.bing.com https://www.google.es *.browseranalytic.com browseranalytic.com https://googleads.g.doubleclick.net https://clean.tracksacai.com https://tbl.tradedoubler.com https://afinia.uinterbox.com https://openlead.bankimia.com https://atrapacredito.go2cloud.org https://liberbankit--devcc2--c.cs84.visual.force.com https://liberbankit--devcc2.cs84.my.salesforce.com https://www.gstatic.com;connect-src 'self' https://*.webpushr.com wss://*.hotjar.com https://bat.bing.com https://*.google.es https://www.facebook.com https://www.liberbank.es https://realmadrid.unicajabanco.es/ https://bat.bing.com https://*.google.com https://*.google.es https://www.google-analytics.com https://lbk-asistente-pro-principal.appspot.com https://vc.hotjar.io https://api.liberbank.es https://api-glbk.liberbank.es https://lbkapi-pre.vorago.es https://*.hotjar.com/ *.browseranalytic.com browseranalytic.com https://stats.g.doubleclick.net https://devcc4-onboardinglbk.cs109.force.com https://onboardinglbk.secure.force.com https://ws1.premiumnumbers.es;font-src 'self' https://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://cdnjs.cloudflare.com https://www.facebook.com/tr/;object-src 'self';media-src 'self';sandbox allow-forms allow-scripts allow-modals allow-popups allow-presentation allow-same-origin allow-popups-to-escape-sandbox allow-top-navigation;child-src 'self' https://portalprov.liberbank.es https://www.facebook.com https://openbanking.liberbank.es https://bedesa-liberbank.ceca.es https://*.google.com https://vars.hotjar.com https://www.youtube.com https://track.adform.net https://player.vimeo.com https://*.fls.doubleclick.net https://vimeo.com https://service.force.com;form-action 'self' https://www.facebook.com/tr/;frame-ancestors 'self';plugin-types application/pdf; 3 object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca thecityofcalgary.maps.arcgis.com 3 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 3 frame-ancestors 'self' https://*.shareworks.com https://*.solium.com https://shareworksacademy.exceedlms.com https://shareworks.exceedlms.com https://shareworkstest.exceedlms.com https://shareworks.exceedlms-staging.com https://globalstockandrewards.com https://www.globalstockandrewards.com https://stockvantage.com https://www.stockvantage.com 3 frame-ancestors 'self' *.bnc.ca *.nbc.ca; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' https://ge.ch *.etat-ge.ch; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://ge.ch https://*.infomaniak.com https://*.infomaniak.ch https://www.google-analytics.com *.etat-ge.ch; media-src 'self' https://*.infomaniak.com https://*.infomaniak.ch; frame-src 'self' https://vod.infomaniak.com https://player.infomaniak.com https://*.ge.ch https://ge.ch https://www.ropag-data.ch https://sketchfab.com; frame-ancestors https://*.ge.ch; child-src 'self' https://vod.infomaniak.com https://*.ge.ch https://ge.ch; font-src 'self'; connect-src 'self' *.etat-ge.ch ge.ch *.ge.ch *.geneveid.ch; report-uri /report-csp-violation 3 default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com *.googletagmanager.com platform.twitter.com shanx.matomo.com *.amazonaws.com apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com cdn-images.mailchimp.com *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com data: https:; style-src 'self' 'unsafe-inline' *.shanx.com cdn-images.mailchimp.com *.karlaporter.com *.amitavac.com *.ionicframework.com use.typekit.net fonts.adobe.com fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com use.typekit.net *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src https:; media-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; 3 default-src 'self'; style-src 'self' *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline'; script-src 'self' *.ads-twitter.com/ *.tiktok.com/ https://sc-static.net/ *.snapchat.com/ *.hypemarks.com/ *.licdn.com/ *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://t.co/ *.hypemarks.com/ *.linkedin.com/ *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/ *.youtube.com/; frame-src 'self' *.snapchat.com/ *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/ *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/ *.hypemarks.com/; connect-src 'self' *.tiktok.com/ *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/; font-src 'self' *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/; media-src 'self' *.lpsnmedia.net/ 3 default-src 'self' data: https://*.epam.com https://*.epam-group.ru;script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://connect.facebook.net https://conv.indeed.com https://www.google.com https://snap.licdn.com https://*.hotjar.com https://use.typekit.com https://www.google-analytics.com https://*.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://s.ytimg.com https://www.youtube.com https://*.assets-yammer.com https://*.typekit.net https://*.typekit.com https://menu.epam.com https://googleads.g.doubleclick.net https://vk.com https://*.adform.net https://res.wx.qq.com https://t.visitorqueue.com https://munchkin.marketo.net https://www.linkedin.com https://embed.typeform.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://tagmanager.google.com;connect-src 'self' https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.md https://yandexmetrica.com https://*.hotjar.io https://www.google.com https://translate.googleapis.com https://www.youtube.com wss://menu.epam.com https://menu.epam.com https://*.typekit.net https://*.typekit.com https://www.facebook.com https://stats.g.doubleclick.net https://a.visitorqueue.com https://*.mktoresp.com https://*.mktoutil.com;frame-src 'self' https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.md https://*.doubleclick.net https://www.google-analytics.com https://www.google.by https://www.google.com https://*.epam.com https://*.yammer.com https://login.microsoftonline.com https://vk.com https://login.vk.com https://www.googletagmanager.com https://w.soundcloud.com https://www.linkedin.com https://form.typeform.com https://player.vimeo.com;img-src 'self' * data: blob: about: android-webview-video-poster:;font-src 'self' data: https://*.typekit.net https://*.typekit.com https://fonts.gstatic.com;report-uri /services/interaction/csp-report 3 object-src 'none'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 3 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 3 frame-ancestors http://www.moex.com 3 default-src 'unsafe-inline' 'unsafe-eval' https: blob: data:; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com; report-uri https://60bfaa9a846bec9e32cc07e1.endpoint.csper.io; 3 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 3 default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3 frame-ancestors self https://*.chaosgroup.com https://secure.avangate.com https://secure.2checkout.com 3 default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 3 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src * data: 3 frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 3 default-src 'self';frame-ancestors 'none';frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com *.criteo.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com *.criteo.net *.criteo.com https://polyfill.io/v3/polyfill.min.js https://www.dwin1.com http://www.youtube.com/player_api;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.google.com http://mackeeper.com https://mackeeper.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com http://rp.liadm.com https://rp.liadm.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 3 frame-ancestors http://*.trabajando.com https://*.trabajando.com https://*.trabajando.cl https://*.gpsrrhh.com http://*.trabajando.cl http://*.gpsrrhh.com http://portaltrabajos.ulagos.cl https://www.creaempleo.cl http://empleo.udec.cl http://empleos.ubb.cl http://egresados.utalca.trabajando.com http://empleos.uv.cl http://www.mercadolaboraluc.cl http://empleos.ucentral.cl http://www.unapempleo.cl http://www.trabajandouss.cl http://www.empleos.uchile.cl http://trabajos.usach.cl http://empleos.uach.cl http://laboral.inacap.cl http://empleos.derecho.uchile.cl http://empleosfactec.usach.cl http://trabajos.enac.cl http://*.omil.cl https://*.omil.cl https://accesounico.ceduc.cl http://accesounico.ceduc.cl http://empleosqa.sii.cl https://marketplace.trabajando.cl https://trabajos.achs.cl http://trabajos.achs.cl https://ferialaboral.inacap.cl https://laboral.inacap.cl https://www.lamejorpegadechile.cl http://www.lamejorpegadechile.cl; 3 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-src 'self' https://*.beocms.de https://*.beocms.com data: https: blob:; connect-src 'self' data: https:; media-src 'self' data: https: blob: 3 style-src https: 'unsafe-inline' ; script-src https: data 'unsafe-inline' 'unsafe-eval' ; default-src * data: ; 3 frame-src 'self' https://www.terminland.de *.datev-bot.de *.datev.de *.datev.com 3 default-src 'self' http: https: blob: ws: cdnjs.cloudflare.com use.typekit.net wpstream.net www.google-analytics.com fonts.googleapis.com fonts.gstatic.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://securepubads.g.doubleclick.net https://ml314.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: filesystem:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 3 script-src 'self' 'unsafe-inline' https://js.stripe.com; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 3 default-src 'self'; form-action 'self'; object-src 'self'; connect-src 'self' https://api.github.com; media-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://matomo.riot.im/matomo.php; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://webforms.pipedrive.com https://*.pipedriveassets.com; child-src 'self' https://webforms.pipedrive.com 3 frame-ancestors *.windstream.net 3 img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; font-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'self'; 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.ameriprise.com *.ampf.com *.ameripriseadvisors.com *.qualtrics.com *.glance.net *.googleapis.com *.google.com *.twitter.com *.twimg.com *.linkedin.com *.quantserve.com *.google-analytics.com *.egain.cloud *.analytics-egain.com *.akamaihd.net *.prod.boltdns.net https://ssl.google-analytics.com https://snap.licdn.com https://bat.bing.com https://connect.facebook.net trkn.us s.ameriprisestats.com https://assets.adobedtm.com https://rules.quantcount.com https://maxcdn.bootstrapcdn.com https://trkn.us https://d.turn.com *.doubleclick.net https://s.ameriprisestats.com secure.img-cdn.mediaplex.com https://cdn.ameriprisecontent.com https://maps.googleapis.com *.zscalertwo.net *.online-metrix.net *.gstatic.com *.pietech.com/ https://www.refinitiv.com/ https://maps.google.com https://awm-app-aitt.ampf.com https://www.dinkytown.net http://www.sipc.org/ https://www.riversource.com/ *.investormailbox.com/ https://www.forefieldkt.com https://4266532.fls.doubleclick.net https://advisorcompass.112.2o7.net https://fonts.googleapis.com https://uat-federation.usbank.com https://www.google.com https://pixel.quantserve.com http://www.opinionlab.com https://www.googletagmanager.com https://www.thompsonreuters.com https://stackoverflow.com https://brokerage.ameriprise.com https://www.quovo.com/ http://www.advicentsolutions.com/aup https://www.nmlsconsumeraccess.org/ https://www.fdic.gov/ https://newpublic.cfraresearch.com/legal/ https://secure.opinionlab.com http://brokercheck.finra.org/ http://www.prnewswire.com http://pdf.reuters.com http://www.jenner.com http://www.bankofengland.co.uk/PRA/ http://www.zillow.com/zestimate/ *.barclaycardus.com 16056.id.amgdgt.com/ http://www.moneyguidepro.com/ https://platform.twitter.com https://apis.google.com http://videojs.com https://web-2-tel.com https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://dpm.demdex.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://cm.everesttech.net https://ad.doubleclick.net https://www.facebook.com https://cdn.syndication.twimg.com https://ameriprisefinancial.demdex.net https://gateway.zscalertwo.net *.advisorcompass.com https://login.zscalertwo.net https://ocs.ameriprise.com https://h.online-metrix.net *.d.aa.online-metrix.net *.ggpht.com https://edge.api.brightcove.com *.crwdcntrl.net https://cdn.gbqofs.com *.brightcove.net https://insight.adsrvr.org https://tags.w55c.net https://vjs.zencdn.net https://metrics.brightcove.com https://secure.brightcove.com https://report.ameriprise.glassboxdigital.io https://bid.g.doubleclick.net https://cm.g.doubleclick.net https://tags.w55c.net https://dsum-sec.casalemedia.com *.morningstar.com https://www.mediamath.com/ https://pixel.mathtag.com https://aa.agkn.com https://players.brightcove.net/ https://sync.search.spotxchange.com https://loadus.exelator.com https://x.bidswitch.net https://pixel.advertising.com https://ads.scorecardresearch.com https://us-u.openx.net https://contextual.media.net https://match.adsrvr.org https://ad.sxp.smartclip.net https://px.britepool.com *.bluekai.com https://idsync.rlcdn.com https://www.google.co.in https://ameriprisefinancial.egain.cloud https://ameriprisefinancialdev.egain.cloud https://cloud-us.analytics-egain.com/ *.glancecdn.net *.amazonaws.com https://presence.glance.net https://ampf.htm2pdf.co.uk https://pixel.rubiconproject.com 3 frame-ancestors 'self' https://*.iproperty.com.my https://*.squarefoot.com.hk ; 3 default-src 'self' https://tramitesanonimos.cnmc.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; child-src 'self' https://www.google.com/recaptcha/ https://docs.google.com https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: https://translate.google.com https://getbootstrap.com https://www.jsdelivr.com https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://blog.cnmc.es; media-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com/recaptcha/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://www.gstatic.com/recaptcha/; object-src 'self'; connect-src 'self' https://bootswatch.com https://translate.googleapis.com https://www.google-analytics.com; 3 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com fast.wistia.com *.wistia.net embedwistia-a.akamaihd.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/ cdn.evgnet.com cdn.getsmartcontent.com s.getsmartcontent.com v1.addthisedge.com z.moatads.com www.youtube.com view.ceros.com *.wistia.com *.wistia.net src.litix.io; img-src 'self' data: ssl.gstatic.com/ embed.wistia.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net secure.adnxs.com ib.adnxs.com/ www.google.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com pixel.mathtag.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com embedwistia-a.akamaihd.net *.amazonaws.com cx.atdmt.com www.linkedin.com/ *.fls.doubleclick.net cm.g.doubleclick.net; frame-src 'self' m.addthis.com s7.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com cdn.getsmartcontent.com *.bound360.com tagmanager.google.com www.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net pi.pardot.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz *.fls.doubleclick.net; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian guardianlife.us-1.evergage.com bat.bing.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz; font-src 'self' data: fonts.gstatic.com *.wistia.com; media-src 'self' blob: data: www.podbean.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net 3 font-src 'self' cdn.appsflyer.com/creatives-fonts/;form-action 'self' www.facebook.com/tr/;base-uri 'self';manifest-src 'self';style-src 'self' 'unsafe-inline';frame-ancestors 'self' *.sber.ru *.sber.com *.championat.com;object-src 'none';media-src 'self' blob: *.zvuk.com unisound.cdnvideo.ru/static/creative/audio/ r.mradx.net *.emgsound.ru *.cdnvideo.ru *.101.ru:* *.n340.com:8443 *.hostingradio.ru:* icecast-zvezda.mediacdn.ru/radio/zvezda/zvezda_128;child-src 'self';frame-src 'self' sberzvook.clients.webcaster.pro vars.hotjar.com/ www.google.com/recaptcha/ mc.yandex.ru/ img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru www.facebook.com/ sportrecs.com/embed/ secure.payture.com www.youtube.com/ online.sberbank.ru/CSAFront/oidc/authorizelow.do;img-src 'self' data: blob: *.sber-zvuk.com *.zvuk.com *.zvooq.com zvooq.com zvuk.com www.tns-counter.ru vk.com/rtrg www.facebook.com/tr/ counter.yadro.ru www.google-analytics.com sberzvuk-webconstuctor.dev.finch.fm mc.yandex.ru/ img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru/ profile.ssp.rambler.ru/ *.instreamatic.com unisound.cdnvideo.ru/static/creative/image/ ad.mail.ru/ *.ops.beeline.ru/ *.rtb.mts.ru/ an.yandex.ru/ rs.mail.ru/pixel/ r.mradx.net ad.doubleclick.net/ddm/trackimp/ kraken.rambler.ru/cnt/ login.vk.com impressions.onelink.me api.radioplayer.ru/images/ oss-prod-finch-webadmin.obs.ru-moscow-1.hc.sbercloud.ru image-service.obs.ru-moscow-1.hc.sbercloud.ru www.google.com www.google.ru www.google.by www.google.com.ua www.google.kz www.google.kg www.google.am www.google.ge www.google.tm www.google.com.tj www.google.co.uz www.google.az;default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;report-uri https://frontsentry.zvq.me/api/4/security/?sentry_key=0ef7ad22820f4d6388b5a60b9fc74e40 3 : script-src "self" 3 child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.googleapis.com *.gstatic.com *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.ampproject.org *.bing.com *.doubleclick.net *.dynad.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 3 default-src 'self' 'unsafe-inline' *.tableau.com *.vimeo.com *.youtube.com pro.ip-api.com cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com fonts.gstatic.com www.google.com *.googleapis.com maps.gstatic.com developers.google.com tagmanager.google.com ssl.gstatic.com www.gstatic.com tagmanager.google.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com cdn.siteimprove.net data:; 3 connect-src 'self' *.fontawesome.com *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com cdn.cookielaw.org *.stackadapt.com *.doubleclick.net bat.bing.com *.facebook.net s3.amazonaws.com *.yimg.com *.hubspot.com *.amazonaws.com *.hubapi.com *.hsforms.com; default-src 'self' pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com 'unsafe-inline' *.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com cdn.cookielaw.org fonts.googleapis.com cdn.pushcrew.com js.driftt.com *.dataweavers.io; font-src 'self' *.fontawesome.com *.dataweavers.io fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' burly.io *.burly.io *.youtube.com *.ytimg.com *.driftt.com *.adsrvr.org *.doubleclick.net vimeo.com *.google.com *.facebook.com *.vimeo.com *.hsforms.com; img-src 'self' *.dataweavers.io data: pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdnjs.cloudflare.com *.visualwebsiteoptimizer.com app.vwo.com *.google-analytics.com *.adsymptotic.com www.googletagmanager.com *.heartlandpaymentsystems.com *.linkedin.com *.bing.com t.co *.tribalfusion.com *.yahoo.com *.pushcrew.com pushcrew.com *.facebook.com *.google.com.au *.google.com storage.pardot.com *.doubleclick.net *.google.co.in *.gstatic.com i.ytimg.com *.hsforms.com *.hubspot.com; script-src 'self' 'unsafe-inline' *.fontawesome.com www.googletagmanager.com 'unsafe-eval' *.dataweavers.io *.google-analytics.com burly.io *.burly.io static.ads-twitter.com platform.twitter.com *.facebook.net *.doubleclick.net cdn.cookielaw.org pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdn.pushcrew.com *.yimg.com *.twitter.com *.heartlandpaymentsystems.com *.drifft.com www.googleadservices.com *.licdn.com *.visualwebsiteoptimizer.com bat.bing.com *.google.com tracking.g2crowd.com js.driftt.com gstatic.com google-analytics.com code.jquery.com *.gstatic.com; script-src-elem 'self' *.google-analytics.com 'unsafe-inline' *.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com cdn.cookielaw.org *.stackadapt.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com www.googletagmanager.com *.pushcrew.com burly.io *.burly.io *.adsrvr.org static.ads-twitter.com platform.twitter.com *.tribalfusion.com code.jquery.com *.doubleclick.net *.driftt.com *.dataweavers.io *.g2crowd.com *.gstatic.com *.licdn.com *.facebook.net *.yimg.com *.google.com bat.bing.com www.googleadservices.com *.twitter.com *.analytics.yahoo.com fonts.googleapis.com *.hsforms.com *.hs-analytics.net js.hsforms.net/forms/v2.js js.hs-scripts.com/2146553.js js.hscollectedforms.net/collectedforms.js js.hs-banner.com/2146553.js js.hsadspixel.net/fb.js js.hs-analytics.net/analytics/1633103100000/2146553.js js.hs-analytics.net/analytics/1633103400000/2146553.js; style-src-elem 'self' *.stackadapt.com 'unsafe-inline' *.pushcrew.com *.dataweavers.io fonts.googleapis.com; worker-src 'self' blob:; 3 default-src https://player.vimeo.com https://vars.hotjar.com splash-screen.net www.abtasty.com https://optimize.google.com wss://*.hotjar.com https://www.splash-screen.net try.abtasty.com https://*.hotjar.io optimize.google.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com widget.user.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io https://www.google-analytics.com qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://leads.sandboxbnpparibas.pl https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl widget.user.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl data: 'self'; style-src bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.ratatu.pl https://fonts.googleapis.com https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net https://tagmanager.google.com prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com https://teddytor.abtasty.com widget.user.com googleads.g.doubleclick.net https://skk.erecruiter.pl *.google.com https://www.ytimg.com 52.166.95.107 'self' 'unsafe-inline'; img-src https://optimize.google.com https://www.facebook.com https://pixel.wp.pl https://cm.g.doubleclick.net https://*.googleapis.com stats.g.doubleclick.net *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl *.app.abtasty.com www.google.com bcp.crwdcntrl.net *.ratatu.pl www.google-analytics.com www.0.s-nk.pl https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net leads.sandboxbnpparibas.pl https://www.i1.ytimg.com bnp-paribas.user.com *.gstatic.com https://www.googleapis.com widget.user.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com bnp-optima-uat-search01.squiz.pl https://ib.adnxs.com https://dot.wp.pl https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com teddytor.abtasty.com *.abtasty.com https://www.emplocity.com clients1.google.com https://tbl.tradedoubler.com https://ad.doubleclick.net prospectleads.bnpparibas.pl www.linkedin.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com http://*.fls.doubleclick.net https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com *.ratatu.pl https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl www.facebook.com *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com widget.user.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://optimize.google.com https://script.hotjar.com https://app.ehoundplatform.com https://pixel.wp.pl https://www.ssl.gstatic.com https://*.googleapis.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net *.ratatu.pl www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://leads.sandboxbnpparibas.pl https://cse.google.com *.vimeo.com leads.sandboxbnpparibas.pl bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com widget.user.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl splash-screen.net www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.splash-screen.net https://www.oauth.googleusercontent.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com prospectleads.bnpparibas.pl https://leads.sanboxbnpparibas.pl http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://www.bnpparibas.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com https://prospectleads.bnpparibas.pl www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com widget.user.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com *.ratatu.pl 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.splash-screen.net https://www.facebook.com try.abtasty.com bnp-optima-uat-search01.squiz.pl stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl https://leads.sandboxbnpparibas.pl *.googleads.g.doubleclick.net prospectleads.bnpparibas.pl wss://ws9.hotjar.com https://vc.hotjar.io leads.sandboxbnpparibas.pl bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 www.splash-screen.net https://insights.hotjar.com widget.user.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com https://www.abtasty.com 52.166.95.107 'self' 3 frame-ancestors 'self' https://de.page4.com https://en.page4.com; 3 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors *; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru www.gstatic.com www.google.com www.otis.com geolocation.onetrust.com googleads.g.doubleclick.net heyotis.appspot.com js.hsforms.net *.opendns.com survey.survicate.com forms.hsforms.com fm.ipinyou.com stats.ipinyou.com www2-heyotis.snapengage.com stm-cdn.cn.miaozhen.com www.googleadservices.com console.e-bot7.de fm.ipinyou.com surveys-static.survicate.com www.googletagmanager.com cdn.cookielaw.org bat.bing.com OMUSCMSLFRPCDN03.azureedge.net storage.googleapis.com bat.bing.com connect.facebook.net heyotis.appspot.com j.6sc.co js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net OMUSCMSLFRPCDN03.azureedge.net secure.loki8lave.com snap.licdn.com storage.googleapis.com www.google-analytics.com hm.baidu.com ; style-src 'self' 'unsafe-inline' www.google.com www.otis.com fonts.googleapis.com OMUSCMSLFRPCDN03.azureedge.net; object-src 'none'; base-uri 'self'; connect-src 'self' mc.yandex.ru console.e-bot7.de www.google.com www.facebook.com OMUSCMSLFRPCDN03.azureedge.net www2-heyotis.snapengage.com privacyportal.onetrust.com www.otis.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com heyotis.appspot.com stm-collect.cn.miaozhen.com c.6sc.co respondent.survicate.com cdn.cookielaw.org api.hubapi.com bat.bing.com forms.hubspot.com secure.adnxs.com stats.g.doubleclick.net www.google-analytics.com; font-src 'self' data: www.google.com www.otis.com OMUSCMSLFRPCDN03.azureedge.net fonts.gstatic.com; frame-src 'self' mc.yandex.md players.brightcove.net console.e-bot7.de js.hsforms.net www.facebook.com www.google.com www.gstatic.com www.otis.com forms.hsforms.com 9915888.fls.doubleclick.net 9915888.fls.doubleclick.net; img-src 'self' https: http: data: ; media-src 'self' www2-heyotis.snapengage.com www.google.com www.otis.com heyotis.appspot.com OMUSCMSLFRPCDN03.azureedge.net ; worker-src 'self' blob: www.otis.com; 3 default-src 'self'; media-src 'self' https://www.youtube.com https://cdn.userway.org; connect-src 'self' https://analytics.google.com https://cdn.userway.org https://in.hotjar.com https://api.curator.io https://stats.g.doubleclick.net https://www.google-analytics.com https://ka-p.fontawesome.com https://api.userway.org https://twitter.com https://api.twitter.com https://platform.twitter.com https://pbs.twimg.com https://syndication.twitter.com https://t.co; img-src 'self' data: * https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://twitter.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://ton.twimg.com https://syndication.twitter.com https://t.co https://www.instagram.com; frame-src 'self' https://bid.g.doubleclick.net https://sheridancollege.formstack.com https://bbox.blackbaudhosting.com https://www.youtube.com *.sheridancollege.ca https://cdn.userway.org https://vars.hotjar.com https://www.google.com https://platform.twitter.com https://syndication.twitter.com https://twitter.com https://www.facebook.com https://t.co https://www.instagram.com https://e.issuu.com; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com https://cdn.curator.io https://cdn.userway.org https://ka-p.fontawesome.com https://fonts.gstatic.com https://use.typekit.net; script-src 'self' 'nonce-cspScrpt' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://tagmanager.google.com https://ssl.google-analytics.com https://static.formstack.com https://bbox.blackbaudhosting.com https://sheridancollege.formstack.com https://cdn.curator.io https://maps.googleapis.com https://www.youtube.com https://script.hotjar.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://cdn.userway.org https://connect.facebook.net https://analytics.formstack.com https://vc.hotjar.io https://www.google.com https://twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://api.twitter.com https://t.co https://www.instagram.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://bbox.blackbaudhosting.com https://cdn.curator.io https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://static.formstack.com https://platform.twitter.com https://syndication.twitter.com https://t.co https://www.instagram.com 3 frame-ancestors 'self' *.datastax.com 3 default-src photomath.net photomath.app photomath.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tcms.photomath.net tpip.photomath.net ajax.googleapis.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com s.imgur.com cdnjs.cloudflare.com www.googletagmanager.com; connect-src 'self' cms.photomath.net tcms.photomath.net pip.photomath.net www.google-analytics.com stats.g.doubleclick.net script.google.com; img-src 'self' data: cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com storage.googleapis.com d2fi4ri5dhpqd1.cloudfront.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com about: data:; frame-src player.vimeo.com imgur.com apis.google.com accounts.google.com plus.google.com; object-src 'self'; manifest-src test.photomath.com; media-src player.vimeo.com vod-progressive.akamaized.net; 3 frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 3 default-src 'self' https:; img-src 'self' https: data:; script-src https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; object-src 'none' 3 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com static.cloud.coveo.com script.crazyegg.com z.moatads.com consent.cookiebot.com consentcdn.cookiebot.com players.brightcove.net www.googletagmanager.com sjs.bizographics.com siteimproveanalytics.com s7.addthis.com vidassets.terminus.services www.googleadservices.com m.addthis.com googleads.g.doubleclick.net v1.addthisedge.com scripts.demandbase.com snap.licdn.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net api.company-target.com maps.googleapis.com; frame-ancestors 'self' players.brightcove.net bid.g.doubleclick.net consentcdn.cookiebot.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com www.fticonsulting.com; img-src 'self' 'unsafe-inline' data: px.ads.linkedin.com 63904.global.siteimproveanalytics.io p.adsymptotic.com vidassets.terminus.services www.google.com www.google.com.ec match.prod.bidr.io id.rlcdn.com www.google-analytics.com segments.company-target.com www.linkedin.com match.adsrvr.org maps.gstatic.com maps.googleapis.com www.googletagmanager.com ml.globenewswire.com www.fticonsulting.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.cloud.coveo.com www.fticonsulting.com; child-src 'self' 'unsafe-inline' consentcdn.cookiebot.com players.brightcove.net www.google.com s7.addthis.com bid.g.doubleclick.net www.fticonsulting.com 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 3 frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl 3 object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; block-all-mixed-content 3 frame-ancestors 'self' http://epicor.lookbookhq.com https://epicor.lookbookhq.com; 3 object-src 'none'; img-src https: data:; default-src https:; base-uri 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; style-src https: 'unsafe-inline' 3 default-src https:; frame-ancestors 'self'; form-action 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline' 3 script-src 'self' 'unsafe-inline' blob: https://*.crazyegg.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.wistia.com https://*.wistia.net https://*.q2.com https://*.googletagmanager.com https://*.pardot.com https://*.cookielaw.org https://*.licdn.com http://cdnjs.cloudflare.com https://*.onetrust.com https://*.marketo.com https://*.crazyegg.com https://*.6sc.co/; form-action 'self' https://*.pardot.com https://*.salesforce.com; img-src 'self' data: https://*.google.com https://*.googletagmanager.com https://wp.q2.com https://*.q2.com https://*.qaq2.com https://*.gstatic.com https://*.linkedin.com https://*.cloudfront.net https://*.crazyegg.com; media-src 'self' https://*.q2.com https://*.wistia.com https://*.wistia.net https://*.cloudfront.net; frame-ancestors 'self' https://*.pardot.com https://*.wistia.com https://*.wistia.net; connect-src 'self' https://*.crazyegg.com; worker-src 'self' blob: https://*.crazyegg.com; 3 default-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital;base-uri 'self';img-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: localhost stats.g.doubleclick.net via.placeholder.com biglotteryfund-assets.imgix.net i.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;font-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;style-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-inline' *.typekit.net;script-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;child-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital www.google.com https://vars.hotjar.com;connect-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com;frame-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;report-uri https://sentry.io/api/226416/csp-report/?sentry_key=53aa5923a25c43cd9a645d9207ae5b6c 3 script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 3 default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com foerderrechner.bosch-thermotechnology.com https://www.bosch-thermotechnology.us www.bosch-easycontrol.com www.heizung-steuern.com; object-src data: 'self'; img-src http: bott-tc.nautilus bott-fs.nautilus https: bott-tc.nautilus bott-fs.nautilus data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com https://www.bosch-thermotechnology.us; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 3 default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://www.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://static3.santander.pl https://rt.inistrack.net https://optimize.google.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://pixel.wp.pl https://my.tealiumiq.com https://*.googleapis.com static.yourcx.io https://www.google.pl https://googleads.g.doubleclick.net https://maps.gstatic.com https://maps.google.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://bankmozliwosci.santander.pl https://collect.tealiumiq.com https://www.googletagmanager.com www.google.com http://www.webankieta.pl https://app.revhunter.tech www.google-analytics.com 'self' data:; frame-src http://bank.santander.pl https://invis.io https://optimize.google.com https://ent.activeforms.com http://ent.activeforms.com https://doladuj-tutaj.blue.pl opinia.santander.pl http://formularze.santander.pl https://www.webankieta.pl https://www.facebook.com https://cloud.webankieta.pl http://datacloud.tealiumiq.com https://santandertfi.pl https://formularze.santander.pl https://netevent.tv https://projects.invisionapp.com http://santanderleasing.pl https://tutajdoladuj.blue.pl https://datacloud.tealiumiq.com https://fundusze.santandertfi.pl *.doubleclick.net https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://www.script.crazyegg.com https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://stats.g.doubleclick.net https://pixel.wp.pl https://unpkg.com https://maps.googleapis.com https://santandertfi.pl https://my.tealiumiq.com http://www.script.crazyegg.com https://googleads.g.doubleclick.net https://maps.google.com https://user-event-tracker.crazyegg.com https://code.jquery.com https://www.gstatic.com www.google.com https://visitor-service-eu-central-1.tealiumiq.com https://www.youtube.com www.google-analytics.com https://www.google.com https://connect.facebook.net https://tags.tiqcdn.com https://s.ytimg.com https://script.crazyegg.com https://cloud.webankieta.pl static.yourcx.io https://omnibot.santander.pl https://maps.gstatic.com https://santander-prod.stanusch.com https://fundusze.santandertfi.pl https://www.googletagmanager.com https://www.google-analytics.com http://script.crazyegg.com https://files.webankieta.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://omnibot.santander.pl https://aplikacje-pfrportal.pl https://stats.g.doubleclick.net https://santander-prod.stanusch.com https://collect.tealiumiq.com https://www.google-analytics.com https://my.tealiumiq.com 'self' 3 default-src 'self' http: https: data: blob: 'unsafe-eval' style-src: 'unsafe-inline' wss://vts.zohopublic.com 3 connect-src 'self' https://surveystats.hotjar.io https://l.getsitecontrol.com https://dash.getsitecontrol.com https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google-analytics.com www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com fast.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si *.convertize.io pop1.getsitecontrol.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu https://pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google-analytics.com www.google.com www.google.de https://www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com fast.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com https://mpsnare.iesnare.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com; form-action 'self' www.facebook.com service.gigaset.com api.bazaarvoice.com 'unsafe-eval' ct.pinterest.com gigaset-org.freshworks.com; frame-src https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com https://www.pinterest.com; frame-ancestors 'self' https://www.gigaset.com; img-src 'self' 'report-sample' https://dsum-sec.casalemedia.com https://script.hotjar.com https://smarttracking.defacto-x.net https://m2.getsitecontrol.com https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google-analytics.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net *.advertising.com *.pubmatic.com *.3lift.com *.bidswitch.net *.outbrain.com *.openx.net *.convertize.io; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://s2.getsitecontrol.com https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de fast.smarketer.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com https://mpsnare.iesnare.com https://l.getsitecontrol.com/p7jz5lm4.js; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com; 3 frame-ancestors 'self' *.investec.com https://ng.secure.investec.com:8080; 3 base-uri https: http:; object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob: 3 script-src *.bigcommerce.com *.betrad.com *.lightboxcdn.com *.dynatrace.com *.azurewebsites.net cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com connect.facebook.net www.facebook.com *.google.com *.googlesyndication.com *.devcloudsoftware.com *.zmags.com *.jquery.com *.crazyegg.com *.adsrvr.org sc-static.net *.pinimg.com *.googleadservices.com *.braintreegateway.com *.stripe.com *.doubleclick.net *.googletagmanager.com *.agkn.com *.pgsitecore.com *.online-metrix.net *.amazonaws.com *.moatads.com *.paypalobjects.com *.paypal.com *.rewardstyle.com *.adsrvr.org *.adsrvr.org *.moatads.com *.attn.tv https://connect.facebook.net/en_US/fbevents.js *.ads.linkedin.com *.youtube.com *.ytimg.com *.bing.com *.linkedin.com *.gstatic.com smileadvisor.crest.com *.getshogun.com *.addthis.com *.addthisedge.com *.cloudfront.net/waves/v3/w.js *.betrad.com *.moatads.com *.agkn.com *.online-metrix.net *.ravenjs.com *.addrexx10.com *.bizographics.com *.cardinalcommerce.com *.bazaarvoice.com https://shareasale-analytics.com/j.js cdn.cookielaw.org *.privy.com *.cloudfront.net *.rpxnow.com *.iesnare.com https://tapjoy.go2cloud.org/SL2Wm *.polyfill.io geolocation.onetrust.com *.sharethis.com *.tapad.app *.pepperjam.com *.segment.com *.affirm.com *.minibc.com *.pricespider.com *.lytics.io *.ordergroove.com *.pepperjamnetwork.com *.tp88trk.com *.tiktok.com *.rokt.com *.hiconversion.com *.ssacdn.com *.yotpo.com *.mapbox.com https://pghub.io/js/pandg-sdk.js http://h30.hiconversion.net/ optanon.blob.core.windows.net b-code.liadm.com 'self' 'unsafe-eval' 'unsafe-inline' blob: 3 upgrade-insecure-requests; block-all-mixed-content; disown-opener 3 default-src: 'none' 3 default-src 'self' https://*.canadalife.com https:; connect-src 'self' https://*.canadalife.com https://*.greatwestlife.com https://www.google-analytics.com https://pdx-col.eum-appdynamics.com https://greatwestlife.sc.omtrdc.net https://dpm.demdex.net https://maps.googleapis.com https://greatwestlife.tt.omtrdc.net https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://*.qualtrics.com https://mboxedge35.tt.omtrdc.net https://ct.pinterest.com; script-src 'self' 'unsafe-eval' 'sha256-+6VjDIzOJ1FMbyOfu0j/M0SQSN4fLPiq6sXN51zrYvA=' 'sha256-r25YZXvWOGOWFfvnFLiekjmtwcR0b7GRObQSUYirS/Y=' 'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg=' 'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA=' 'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g=' 'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs=' 'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg=' https://assets.adobedtm.com https://cdn.appdynamics.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/ https://*.qualtrics.com https://dpm.demdex.net https://ad.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://*.fls.doubleclick.net https://px.ads.linkedin.com https://secure.adnxs.com https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/ https://play.vidyard.com https://p.adsymptotic.com https://www.googletagmanager.com/gtag/ https://mboxedge35.tt.omtrdc.net https://s.pinimg.com/ct/ https://ct.pinterest.com; style-src 'self' blob: 'unsafe-inline' https://*.canadalife.com https://*.vidyard.com https://*.qualtrics.com https://fonts.googleapis.com; img-src 'self' data: https://*.canadalife.com https://*.ggpht.com https://*.googleapis.com/ https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net https://www.facebook.com https://*.qualtrics.com https://cm.everesttech.net https://*.fls.doubleclick.net https://maps.googleapis.com https://px.ads.linkedin.com https://ad.doubleclick.net https://secure.adnxs.com https://analytics.twitter.com https://p.adsymptotic.com https://adservice.google.com/ddm/ https://adservice.google.ca/ddm/ https://dpm.demdex.net https://maps.gstatic.com https://*.vidyard.com https://*.qualtrics.com https://www.google.ca/ads/ https://t.co/i/ https://s.pinimg.com/ct/ https://ct.pinterest.com https://ca-gmtdmp.mookie1.com; font-src 'self' data: https://*.canadalife.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.qualtrics.com https://*.vidyard.com; frame-src 'self' https://play.vidyard.com https://*.qualtrics.com https://www.youtube.com https://gwl.demdex.net; child-src https://*.canadalife.com https://*.qualtrics.com https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net; object-src 'none'; base-uri 'none'; 3 default-src 'self' https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'self'; connect-src 'self' https: wss:; font-src 'self' https:; frame-src 'self' https:; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' https:; worker-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 3 base-uri 'self';block-all-mixed-content;connect-src 'self';default-src 'none';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' data:;manifest-src 'self';media-src 'self' data: ;object-src 'none';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';style-src-elem 'self';style-src-attr 'unsafe-inline'; 3 frame-src 'self' https://eu-west-2-elume.s3.us-east-1.amazonaws.com/ https://forms.hsforms.com/ https://app.hubspot.com https://www.googletagmanager.com https://accounts.google.com https://sdk.companywebcast.com https://ir.asp.manamind.com https://www.youtube.com https://www.youtube-nocookie.com *.metric.gstatic.com https://webcast.seria.no https://spinzam.com/ https://player.vimeo.com https://cdn.embedly.com https://www.facebook.com https://www.google.com/ https://twitter.com/ https://kongsberg.easycruit.com; frame-ancestors 'self' 3 frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 3 default-src 'self' data https:; img-src 'self'  https;style-src 'self' https:; script-src-elem 'self https:; script-src 'self' https: ; script-src-attr 'self' https:; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com 3 default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com;script-src 'self' 'unsafe-inline' https://microapps.pf-labs.net https://cdn.inspectlet.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://stats.g.doubleclick.net 3 frame-ancestors *.bilimal.kz *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.elumiti.kz *.fpp.kz *.presidentfoundation.kz 3 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:;font-src https: data:; 3 frame-ancestors https://bulbul.io 3 frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.dkv.com; 3 frame-ancestors 'self' *.promoplace.com; 3 default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 3 frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 3 default-src 'self'; connect-src 'self' www.google-analytics.com https://www.google-analytics.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.pbwstatic.com www.google-analytics.com https://www.google-analytics.com https://optimize.google.com optimize.google.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 3 frame-ancestors 'self' https://agcovirtualshowroom.com https://www.agcovirtualshowroom.com; 3 default-src ‘self; *.myworkdayjobs.com *formstack.com *optimizely.com *crazyegg.com *fullstory.com; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; 3 default-src 'self' https:; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com; 3 default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'none'; block-all-mixed-content 3 default-src 'self' *.readspeaker.com data: https://viola.bundesbots.de wss://viola.bundesbots.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://viola.bundesbots.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src https://idnr-formular.bzst.bot-itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://viola.bundesbots.de https://idnr-formular.bzst.bot-itzbund.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 3 frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 3 frame-ancestors 'self' blaetterkatalog.musicstore.de ; 3 default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; font-src https: 'self' data:; frame-src https: mailto:; 3 frame-ancestors 'self' http://localhost:3030 https://grate-cms.gr-dev.com https://grate-cms.prate-dev.com https://grate-cms.gr-stage.com https://grate-cms.gra-stage.com https://*.rate.com https://*.grarate.com https://*.properrate.com https://www.atproperties.com https://atproperties.com https://www.staging.atproperties.com https://staging.atproperties.com http://www.website.local http://website.local https://www.venturephilly.com https://venturephilly.com https://www.corcoranpacific.com https://corcoranpacific.com https://*.yextpages.net http://*.yextpages.net https://rcm.rockco.com 3 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data: 3 frame-ancestors 'self' blank;object-src 'self' blank; 3 sandbox allow-forms allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation-by-user-activation 3 frame-ancestors 'self' docs.linkresearchtools.com smart.linkresearchtools.com lrtcon.at lrtcon.com app.linkresearchtools.com test2.linkresearchtools.com *.dev.linkresearchtools.com; 3 default-src * data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob: 3 form-action 'self' https://go.pardot.com https://submit-irm.trustarc.com; 3 default-src 'self' https: *.fibi.co.il; connect-src 'self' https: *.fibi.co.il *.staging.fibi.co.il; style-src https: 'unsafe-inline'; font-src 'self' data: https: *.fibi.co.il; child-src 'self' data: https: *.fibi.co.il *.staging.fibi.co.il https://usa-api.idomoo.com https://idoplayer.idomoo.com; img-src 'self' data: https: 'unsafe-inline' *.fibi.co.il *.staging.fibi.co.il; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.fibi.co.il *.bankotsar.co.il *.bankmassad.co.il *.pagi.co.il *.u-bank.net *.staging.fibi.co.il https://facebook.co.il https://google.co.il https://google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://googleadservices.com https://youtube.com https://facebook.com https://usa-api.idomoo.com https://idoplayer.idomoo.com https://apps.fibi.co.il 3 connect-src 'self' *.google-analytics.com *.doubleclick.net *.consentmanager.net *.dynamics.com;default-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bayferrox.com *.lanxess.com;frame-src 'self' *.lanxess.com *.youtube-nocookie.com *.vimeo.com *.youtube.com *.investis.com digitizer.app *.equitystory.com *.vara-services.com vara-services.com *.dynamics.com;img-src 'self' data: *.google-analytics.com * *.linkedin.com *.google.com *.google.de *.consentmanager.net *.vimeocdn.com *.lanxess.com;script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com * 'unsafe-eval' *.licdn.com *.consentmanager.net;style-src 'self' 'unsafe-inline' ; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viewpoint.com https://viewpoint.us12.list-manage.com https://*.vidyard.com https://js-agent.newrelic.com https://secure.coax7nice.com https://*.facebook.com https://*.marketo.net https://*.marketo.com https://*.driftt.com https://*.adroll.com https://*.sumo.com https://sumo.com https://content.cdntwrk.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://optimize.google.com https://www.googleoptimize.com https://*.vimeo.com https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://snap.licdn.com https://bat.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://siteimproveanalytics.com https://*.wistia.net https://*.wistia.com https://*.doubleclick.net https://www.reddit.com https://reddit.com https://*.pinterest.com https://api.bufferapp.com https://www.gstatic.com https://www.youtube.com https://www.google.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://d.adroll.mgr.consensu.org https://tribl.io https://*.uberflip.com; img-src 'self' data: https://*.viewpoint.com https://*.vidyard.com https://s.amazon-adsystem.com https://*.krxd.net https://fcmatch.youtube.com https://sync.mathtag.com https://www.google.ca https://www.google.co.uk https://*.adroll.com https://s3-us-west-2.amazonaws.com https://cdn.bizibly.com https://gum.criteo.com https://www.google.com https://px.ads.linkedin.com https://www.linkedin.com https://*.sumo.com https://sumo.com https://privacy-policy.truste.com https://c.bing.com https://match.prod.bidr.io https://tags.rd.linksynergy.com https://cw.addthis.com https://segments.company-target.com https://sync.ipredictive.com https://sync.tidaltv.com https://epiv.cardlytics.com https://aa.agkn.com https://px.owneriq.net https://dpm.demdex.net https://bttrack.com https://pixel.spotify.com https://usersync-b3.videoamp.com https://srv4j.net https://usersync-b3.videoamp.com https://ssum.casalemedia.com https://a.tribalfusion.com https://dps.admission.net https://ps.eyeota.net https://segments.company-target.com https://um.simpli.fi https://pixel.tapad.com https://match.adsrvr.org https://px.surveywall-api.survata.com https://sync.srv.stackadapt.com https://rtb.adentifi.com https://bcp.crwdcntrl.net https://pm.w55c.net https://p.rfihub.com https://idsync.reson8.com https://tribl.io https://sync-tm.everesttech.net https://loadm.exelator.com https://secure-gl.imrworldwide.com https://d3sut91l4ajo4b.cloudfront.net https://d3lziyk5qr4b9v.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://optimize.google.com https://*.gstatic.com https://*.bluekai.com https://d3sut91l4ajo4b.cloudfront.net https://s-static.ak.facebook.com https://*.vimeo.com https://*.vimeocdn.com https://www.youtube.com https://*.siteimproveanalytics.io https://x.dlx.addthis.com https://s3.amazonaws.com https://driftt.imgix.net https://px.ads.linkedin.com https://p.adsymptotic.com https://bat.bing.com https://cdn.bizible.com https://pixel.quantserve.com https://www.facebook.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://*.adroll.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://*.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://pippio.com https://tr.snapchat.com https://*.wistia.net https://sync.outbrain.com https://simage2.pubmatic.com https://tag.apxlv.com https://tag.cogocast.net https://x.dlx.addthis.com https://maps.googleapis.com https://www.googleoptimize.com https://*.marketo.com https://*.wistia.com https://pluginicons.craft-cdn.com https://*.akamaihd.net https://content.cdntwrk.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' https://*.viewpoint.com https://*.google.com https://*.viewpoint.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.marketo.net https://*.marketo.com https://js.driftt.com https://hello.myfonts.net https://cdn.jsdelivr.net https://*.uberflip.com https://content.cdntwrk.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fast.fonts.net; font-src 'self' data: https://*.viewpoint.com https://*.fonts.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.gstatic.com https://*.vimeo.com https://connect.facebook.net https://*.uberflip.com https://content.cdntwrk.com https://maxcdn.bootstrapcdn.com https://api2.fonts.com; object-src 'self' https://*.viewpoint.com; child-src 'self' https://*.viewpoint.com; frame-src 'self' https://*.vidyard.com https://www.youtube.com https://w.soundcloud.com https://*.doubleclick.net https://vimeo.com https://*.vimeo.com https://optimize.google.com https://*.marketo.com https://*.wistia.com https://*.wistia.net https://*.driftt.com; connect-src 'self' https://stats.g.doubleclick.net https://*.viewpoint.com https://*.sumo.com https://sumo.com https://v2.api.uberflip.com https://clients6.google.com https://*.algolia.net https://*.algolianet.com https://*.craftcms.com https://*.google-analytics.com https://*.mktoresp.com https://*.linkedin.com https://*.facebook.com https://*.wistia.com https://*.litix.io https://*.akamaihd.net https://*.mktoutil.com https://bam.nr-data.net; report-uri https://ca1fe692b8b29170cd9bd1769d468774.report-uri.com/r/d/csp/enforce 3 frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' data: https:; frame-src 'self' https:; connect-src 'self' https: 3 default-src 'self'; connect-src 'self' stats.g.doubleclick.net api.hubspot.com vimeo.com www.google-analytics.com wp.ocelotbot.com snap.licdn.com js.hsforms.net js.hs-scripts.com js.hs-analytics.net forms.hsforms.com forms.hs-forms.com hubspot-forms-static-embed.s3.amazonaws.com js.usemessages.com js.hs-banner.com; prefetch-src: js.hs-banner.com js.usemessages.com js.hs-analytics.com snap.licdn.com www.google-analytics.com www.googletagmanager.com; font-src 'self' data:; frame-src app.hubspot.com player.vimeo.com; img-src 'self' data: wp.ocelotbot.com googleads.g.doubleclick.net secure.gravatar.com www.google.com p.adsymptotic.com track.hubspot.com px.ads.linkedin.com www.google-analytics.com www.gstatic.com ssl.gstatic.com i.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' wp.ocelotbot.com ws.zoominfo.com googleads.g.doubleclick.net www.googleadservices.com slate.technolutions.net px.ads.linkedin.com snap.licdn.com track.hubspot.com js.hsforms.net forms.hsforms.com forms.hs-forms.com p.adsymptotic.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com apis.google.com f.vimeocdn.com; style-src 'self' 'unsafe-inline' f.vimdeocdn.com; object-src 'none'; upgrade-insecure-requests; 3 default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 3 frame-ancestors 'self' *.ivanti.com *.ivanti.com.au *.ivanti.com.cn *.ivanti.com.sg *.ivanti.co.uk *.ivanti.co.jp *.ivanti.de *.ivanti.fr *.ivanti.it *.ivanti.es *.ivanti.ru *.ivanti.cz *.ivanti.pl *.ivanti.nl *.ivanti.lat 3 default-src 'self' blob: https://10web.io *.10web.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' 'report-sample' jsfiddle.net *.jsfiddle.net *.bing.com *.datatables.net *.gstatic.com instagram.com *.instagram.com instagr.am https://10web.io *.10web.io *.twitter.com twitter.com *.google.com google.com *.firstpromoter.com firstpromoter.com *.facebook.net *.facebook.com facebook.com *.fbcdn.net reddit.com *.reddit.com redditstatic.com *.redditstatic.com quora.com *.quora.com *.cloudflare.com cloudflare.com https://d10lpsik1i8c69.cloudfront.net https://googleads.g.doubleclick.net *.googleapis.com https://s.ytimg.com https://snap.licdn.com https://static.ads-twitter.com *.google-analytics.com google-analytics.com https://www.googleadservices.com https://*.googletagmanager.com https://googletagmanager.com https://www.youtube.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com producthunt.com *.producthunt.com *.fontawesome.com data:; style-src 'self' 'unsafe-inline' 'report-sample' https://10web.io *.10web.io *.datatables.net https://d10lpsik1i8c69.cloudfront.net *.googleapis.com *.googleusercontent.com googleusercontent.com google.com *.google.com *.googletagmanager.com googletagmanager.com *.sentry-cdn.com *.fontawesome.com data: blob: https://10web.io *.10web.io; img-src * 'self' data: blob:; font-src 'self' data: https://10web.io *.10web.io *.gstatic.com *.googleusercontent.com googleusercontent.com https://s3.amazonaws.com/luckyorange-clickstream/fonts/ *.fontawesome.com; connect-src * 'self'; media-src 'self' https://10web.io *.10web.io *.imgur.com imgur.com https://d10lpsik1i8c69.cloudfront.net *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.google.com google.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com *.firstpromoter.com firstpromoter.com; frame-src 'self' jsfiddle.net *.jsfiddle.net https://10web.io *.10web.io *.google.com google.com https://bid.g.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com; base-uri 'self' https://10web.io *.10web.io; manifest-src 'self' https://10web.io *.10web.io; report-uri https://o397950.ingest.sentry.io/api/5263028/security/?sentry_key=8444a18b08184aef960a8eded99e7e7a; 3 default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' blob: https://*.bertelsmann.de https://*.bertelsmann.com https://*.createyourowncareer.com https://*.video-cdn.net https://*.privacy-mgmt.com https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://tr.main.bid-prod.technical-service.net https://maps.google.com https://*.video-cdn.net https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' blob: https://videocdnvod1-vh.akamaihd.net https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://*.video-cdn.net https://fonts.gstatic.com data:; frame-src * data: blob: ; frame-ancestors 'self' https://digitalportfolio.bertelsmann.com https://*.bertelsmann.de https://*.bertelsmann.com; connect-src 'self' wss://*.bertelsmann.de https://licensing.bitmovin.com https://cdn.plyr.io https://*.video-cdn.net https://videocdnvod1-vh.akamaihd.net https://stats.g.doubleclick.net https://*.bertelsmann.de https://*.bertelsmann.com https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: 'self' data:; media-src https: 'self' blob:; font-src https: 'self' data:; connect-src https: 'self' wss: 3 default-src 'none'; connect-src 'self' *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com 'unsafe-inline'; object-src 'self'; frame-ancestors 'none' 3 default-src 'self' https://recreativdesign.com blob:;script-src 'self' nonce-guXj7w7oWwUuGz/RZw2vXUoxt7E 'unsafe-inline' 'unsafe-eval' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com https://browser.sentry-cdn.com https://recreativdesign.com;frame-src 'self' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com https://www.google.lv;img-src 'self' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com data: blob: https://via.placeholder.com/200x200 https://recreativdesign.com;font-src 'self' data: recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com https://recreativdesign.com;style-src 'self' 'unsafe-inline' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.wayforpay.com https://recreativdesign.com;report-uri //recreativ.com/csp_report.php; 3 default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com cdn.cai.tools.sap; connect-src 'self' *.ewe.de global.sitesearch360.com *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com; img-src 'self' *.ewe.de images.ctfassets.net *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.ad4m.at *.smartadserver.com *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com cdn.cai.tools.sap blob: data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com *.ewe.de cdnjs.cloudflare.com; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com *.ewe.de; media-src data.ewe.de; 3 default-src 'self'; connect-src 'self' analytics.gov.yk.ca ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.gov.yk.ca https://ajax.googleapis.com https://yukon.ca https://widget.time.is static.addtoany.com; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' https://yukon.ca ; img-src 'self' https://yukon.ca data: https://analytics.gov.yk.ca https://*.tile.openstreetmap.org ; font-src 'self' https://yukon.ca https://maxcdn.bootstrapcdn.com ; frame-src 'self' https://www.youtube.com https://www.instagram.com https://instagram.com ; 3 frame-ancestors 'self'; report-uri https://www.descartes.com/report-uri/enforce 3 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data:; frame-src *; connect-src *; media-src * blob:; object-src 'none'; worker-src * blob: 'unsafe-inline'; 3 frame-ancestors 'self' *.directnic.net 3 object-src 'self'; base-uri 'none' 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.smooch.io https://*.google.com https://*.evgnet.com https://*.evergage.com https://*.google.fr https://*.google.be https://*.google.nl https://*.googleoptimize.com https://*.google-analytics.com https://*.pinimg.com https://*.crazyegg.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.bing.com https://*.go-mpulse.net https://*.akamaihd.com https://*.akamaihd.net https://*.janraincapture.com https://*.rpxnow.com https://rpxnow.com https://*.nr-data.net https://*.newrelic.com https://*.marketo.net https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.zopim.com https://*.onetrust.com https://*.cookielaw.org https://*.drift.com https://*.driftt.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.mapbox.com https://*.hotjar.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.linkedin.com https://*.licdn.com https://*.ads.linkedin.com https://*.facebook.net https://*.facebook.com resource://pdf.js https://*.smooch.io https://*.bazaarvoice.com https://*.salesforceliveagent.com https://*.force.com https://*.zdassets.com https://*.cloudflare.com https://*.iesnare.com; img-src 'self' data: blob: https://*.smooch.io https://*.google.com https://*.evergage.com https://*.pinterest.com https://*.google.nl https://*.google.be https://*.google.fr https://*.googleusercontent.com https://*.ibb.co https://*.google.com.ua https://*.facebook.com https://*.facebook.net https://*.linkedin.com https://*.adsymptotic.com https://*.google-analytics.com https://*.googleapis.com https://*.google.co.in https://*.googletagmanager.com https://*.gstatic.com https://*.ggpht.com https://*.akamaihd.net https://*.google.by https://*.ytimg.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.doubleclick.net https://*.bing.com https://*.mapbox.com https://*.bazaarvoice.com https://*.janrain.com https://*.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://*.smooch.io https://*.google.com https://*.google.nl https://*.google.fr https://*.google.be https://*.marketo.net https://*.marketo.com https://*.google-analytics.com https://*.googleapis.com https://*.reevoo.com https://*.pricespider.com https://*.cloudfront.net https://*.hotjar.com https://*.mapbox.com https://*.typekit.net https://*.bazaarvoice.com https://*.force.com https://*.janrain.com https://*.cloudflare.com; font-src 'self' data: https://*.smooch.io https://wwww.stanleysecuritysolutions.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.typekit.net https://*.bazaarvoice.com https://*.force.com; connect-src 'self' wss://*.smooch.io https://*.smooch.io https://*.doubleclick.net https://*.us-4.evergage.com https://*.germany-2.evergage.com https://*.zopim.com https://*.akamaihd.net https://*.pinterest.com https://*.crazyegg.com https://*.google.com https://*.google.nl https://*.google.fr https://*.google.be https://*.facebook.com https://*.facebook.net wss://widget-mediator.zopim.com https://*.driftcdn.com https://*.googleapis.com https://*.google-analytics.com https://*.mktoresp.com https://*.bing.com https://*.googlevideo.com https://*.hotjar.com https://*.hotjar.io https://*.nr-data.net https://*.onetrust.com https://*.cookielaw.org wss://*.driftt.com https://*.reevoo.com https://*.mapbox.com https://*.bazaarvoice.com https://*.visibleconsumerinsight.com https://*.zdassets.com https://*.zendesk.com; worker-src data: blob:; frame-src 'self' https://*.smooch.io https://*.google.com https://*.google.nl https://*.google.fr https://*.google.be https://*.marketo.net https://*.marketo.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.hotjar.com https://*.janraincapture.com https://*.youtube.com https://*.drift.com https://*.driftt.com https://*.reevoo.com https://*.pricespider.com https://*.force.com https://*.bazaarvoice.com; frame-ancestors 'self'; media-src 'self' https://*.driftqa.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 3 default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; img-src 'self' editor.ne16.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; report-uri /Reports/LogCspError.ashx; 3 default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 3 default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; 3 frame-ancestors 'self' cms.golfadvisor.com cms.golfpass.com *.golfpass.com *.golfgenius.com golfgenius.com ggstest.com ggstest2.com 3 frame-ancestors account.vogelbescherming.nl vbn-sso.aanzee.online www.tuinvogeltelling.nl www.vogelbescherming.nl www.vogelweek.nl; 3 style-src https: 'unsafe-inline' 3 upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 3 frame-ancestors 'self' *.upc.ch *.upc.biz *.sunrise.net ocpretailconfiguratorupc.ch *.ocpretailconfiguratorupc.ch tcx.ch *.upctv.ch *.sunrise.ch; 3 frame-ancestors whitelabel.camspower.com cams.dnxlive.com 3 default-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.marketo.com/ *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ anchor.fm gateway.zscalertwo.net static3.avast.com *.mktoutil.com *.google.com/ info.cytivalifesciences.com info.cytivalifesciences.com/ blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.marketo.com *.marketo.com/ info.cytivalifesciences.com info.cytivalifesciences.com/ *.kampyle.com *.medallia.eu heapanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com cdn.mouseflow.com *.mouseflow.com/ munchkin.marketo.net *.marketo.com *.mktorest.com assets.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.linkedin.com *.youtube.com s.ytimg.com *.facebook.com connect.facebook.net t.co static.ads-twitter.com analytics.twitter.com js-agent.newrelic.com fast.gehealthcare.demdex.net dpm.demdex.net gateway.zscalertwo.net snap.licdn.com bam.nr-data.net gehealthcare.sc.omtrdc.net gelifedigitalhubprod.112.2o7.net cx.atdmt.com cm.everesttech.net static.cloud.coveo.com *.thunderhead.com google.com googleads.g.doubleclick.net *.evidon.com *.consensu.org *.adroll.com maps.googleapis.com *.onetrust.com *.google.com api.fouanalytics.com *.b2c.com *.b2c.com:* *.b2c.com/ smetrics.cytivalifesciences.com stats.g.doubleclick.net play.vidyard.com play.vidyard.com/ hm.baidu.com info.cytivalifesciences.com info.cytivalifesciences.com/ *.jabmo.app/ d22d1xpx4ztuef.cloudfront.net/VqiIK76Nz6lnJoMsCapVh781pu5b.js secure.adnxs.com *.decibelinsight.net *.decibelinsight.com secure.marx7loki.com *.jsdelivr.net blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ cdn.heapanalytics.com heapanalytics.com; img-src * data: *.kampyle.com *.medallia.eu heapanalytics.com; media-src 'self' *.youtube.com cdn.cytivalifesciences.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data: static3.avast.com *.kampyle.com *.medallia.eu heapanalytics.com; frame-src 'self' *.adobe.com *.marketo.com facebook.com *.facebook.com *.anchor.fm anchor.fm cytiva.demdex.net youtube.com *.youtube.com bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ gateway.zscalertwo.net info.cytivalifesciences.com info.cytivalifesciences.com/ www.cytivalifesciences.com/ www.cytivalifesciences.com blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/; connect-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net *.mktoutil.com *.google.com/ hm.baidu.com api.ipify.org c.jabmo.app *.decibelinsight.net *.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com acapgenertedreports-prod.s3.amazonaws.com blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ heapanalytics.com; report-uri https://www.cytivalifesciences.com/api/csp/report 3 block-all-mixed-conten 3 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; sandbox allow-forms allow-scripts 3 frame-ancestors 'self' https://*.xealth.io; 3 default-src * blob:; font-src * data:; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob:; report-uri https://cspreports.azurewebsites.net/api/PostReport 3 object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 3 frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 3 default-src 'self' blob: *.fitchsolutions.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com *.fitchsolutions.com app-lon06.marketo.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com reveal.clearbit.com www.googletagmanager.com players.brightcove.net www.google-analytics.com c.evidon.com cdn2.funnelenvy.com assets.map.brightcove.com your.fitchsolutions.com snap.licdn.com static.hotjar.com munchkin.marketo.net js.idio.co script.hotjar.com s.idio.co api.idio.co cdn.jsdelivr.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fitchsolutions.com use.fontawesome.com unpkg.com app-lon06.marketo.com cdnjs.cloudflare.com fonts.googleapis.com players.brightcove.net; object-src 'none'; frame-src 'self' *.fitchsolutions.com vars.hotjar.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com; img-src 'self' data: cf-images.us-east-1.prod.boltdns.net *.fitchsolutions.com metrics.brightcove.com l.evidon.com *.linkedin.com p.adsymptotic.com a.idio.co www.google-analytics.com www.google.com www.google.co; font-src 'self' data: *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; media-src 'self' blob: *.fitchsolutions.com *.boltdns.net *.brightcove.com videos.ctfassets.net *.akamaihd.net *.brightcove.net; prefetch-src 'self' *.fitchsolutions.com; connect-src 'self' blob: *.fitchsolutions.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group c.evidon.com *.funnelenvy.com www.google-analytics.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com notify.bugsnag.com 3 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' 3 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; img-src * blob: data:; font-src * data:; worker-src * blob:; child-src * blob: gap:; media-src * blob: 3 frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3 frame-ancestors 'self' *.authorize.net; 3 frame-ancestors *.marincounty.org *.marinpublic.com *.mcera.org *.marinfair.org *.marincountyhr.org *.marincountyparks.org *.marinhhs.org 3 frame-ancestors *.ia.ca *.inalco.com *.ia.iafg.net 3 : block-all-mixed-content 3 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.exposebox.com *.windows.net *.googletagmanager.com *.google-analytics.com *.jquery.com *.us4.list-manage.com yoast.com unpkg.com *.cookiepro.com *.facebook.net *.cloudflare.com static.cloudflareinsights.com fast.wistia.com *.google.com *.gstatic.com *.instagram.com instagram.com;style-src 'self' 'unsafe-inline' *.windows.net *.googleapis.com unpkg.com *.fontawesome.com *.cookiepro.com yoast.com;img-src 'self' 'unsafe-inline' data: blob: *;child-src 'self' facebook.com instagram.com twitter.com *.exposebox.com yoast.com *.vimeo.com;connect-src 'self' yoast.com *.joomunited.com *.arcgis.com *.mapbox.com stats.g.doubleclick.net *.google-analytics.com *.instagram.com instagram.com;font-src 'self' 'unsafe-inline' data: fonts.gstatic.com fonts.googleapis.com use.fontawesome.com yoast.com;frame-src 'self' *.exposebox.com *.vimeo.com *.facebook.com *.cdnx.co.uk *.google.com *.instagram.com;worker-src 'self' blob:;upgrade-insecure-requests;report-to default;media-src 'self' wp-media-staging.camdenmarket.com wp-media.camdenmarket.com 3 img-src *;font-src * 3 child-src 'self'; default-src 'self' *.usave.co.uk 'unsafe-eval' 'unsafe-inline' phplaravel-354301-1685373.cloudwaysapps.com ajax.cloudflare.com static.cloudflareinsights.com optimize.google.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.com connect.facebook.net www.googleadservices.com www.google.com www.gstatic.com www.redditstatic.com *.tawk.to * smartlook.cloud e.infogram.com *.smartlook.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.amazonaws.com *.tinymce.com *.tiny.cloud; img-src https: data:; frame-src www.googletagmanager.com www.measurementlab.net e.infogram.com www.facebook.com www.google.com va.tawk.to optimize.google.com www.googleoptimize.com; 3 'unsafe-inline'; 3 default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; 3 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://* 3 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://js.monitor.azure.com http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://bat.bing.com/p/action/23001836.js https://acdn.adnxs.com/dmp/up/pixie.js https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com https://admin.relay42.com https://t.svtrd.com/t-1295/ https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api https://img03.en25.com/i/elqCfg.min.js https://api.salesfeed.com https://script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://amplify.outbrain.com/cp/obtp.js https://tr.outbrain.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com;media-src 'self' data: https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://9108254.fls.doubleclick.net https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com https://www.google.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com https://cdn.bluebillywig.com/fonts/ https://cdn.conversationalsdevelopment.nl/eneco/;connect-src 'self' *.eneco.nl https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://ct.pinterest.com https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://api.adcalls.nl https://bat.bing.com https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 3 frame-ancestors 'self' *.kassel.de *.stadtreiniger.de 3 default-src 'self' data: https: 'unsafe-eval' 'unsafe-inline'; 3 frame-ancestors 'self' https://dashboard.vidy.com; 3 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adform.net *.ads-twitter.com *.bing.com *.cohesionapps.com fullstory.com *.fullstory.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.licdn.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.pmsrv.co *.preamp.io *.redfoundry.io *.redventures.io *.rvapps.io *.dx1h0xnt46b0i.amplifyapp.com tagmanager.google.com *.tvsquared.com *.twitter.com *.yahoo.com *.yimg.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com *.redfoundry.io *.dx1h0xnt46b0i.amplifyapp.com; connect-src 'self' *.amazonaws.com *.analytics-engine.com *.bing.com *.fullstory.com *.cohesionapps.com *.doubleclick.net *.google.com *.google-analytics.com *.newrelic.com *.nr-data.net *.pinterest.com https://*.redfoundry.io wss://*.redfoundry.io *.redventures.com *.redventures.io *.rvapps.io *.smartystreets.com *.dx1h0xnt46b0i.amplifyapp.com *.tagular.com *.yimg.com *.newrelic.com *.nr-data.net https://api.ipify.org; img-src 'self' data: *.adsymptotic.com *.adxcel-ec2.com *.bing.com *.doubleclick.net *.facebook.com *.facebook.net *.co *.google.com *.google-analytics.com gstatic.com *.gstatic.com *.linkedin.com *.media.net *.pinterest.com *.pmsrv.co *.redoriginproxy.com *.sitescout.com *.tvsquared.com *.dx1h0xnt46b0i.amplifyapp.com t.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.redoriginproxy.com *.dx1h0xnt46b0i.amplifyapp.com tagmanager.google.com; object-src 'none'; frame-src 'self' *.adform.net *.cohesionapps.com *.doubleclick.net *.facebook.com *.rvapps.io *.sitescout.com *.youtube.com; 3 frame-ancestors https://*.nrla.org.uk 3 frame-ancestors https://service.valooto.com/; 3 frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org http://*.newspointapp.com https://*.newspointapp.com https://*.gadgetsnow.com https://eisamay.com 3 default-src * data: 'unsafe-inline' blob:;connect-src * 'unsafe-inline';style-src * 'unsafe-inline';script-src * 'unsafe-inline' 'unsafe-eval';frame-src * 'unsafe-inline' 3 frame-ancestors 'self' https:; default-src 'self' https: wss:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' blob: https: data: 3 object-src 'none'; frame-ancestors 'none' 3 upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://os.mwscdn.io https://fonts.googleapis.com https://id.myworld.com https://fl-1.cdn.flockler.com/; img-src 'self' https: data:; font-src 'self' data: https://os.mwscdn.io https://fonts.gstatic.com https://maps.googleapis.com; report-uri /csp-report 3 default-src *; object-src 'none'; base-uri 'none'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * blob: data:; font-src * data:; frame-ancestors 'self' *.nyla.app *.vercel.app localhost:*; 3 default-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.googlesyndication.com/ https://www.tntv.pf https://opt-out.ferank.eu https://*.hotjar.com; media-src 'self' https://ooyalaeuwest.streaming.mediaservices.windows.net blob: https://www.tntv.pf https://www.youtube.com https://www.dailymotion.com https://*.hotjar.com https://manifest.prod.boltdns.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://*.2mdn.net/ https://*.gvt1.com/; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com https://player.ooyala.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net https://cdn.ampproject.org https://cdn.syndication.twimg.com https://ssl.google-analytics.com https://player.ooyala.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagservices.com https://adservice.google.fr https://adservice.google.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://connect.facebook.net https://platform.twitter.com https://analytics.ooyala.com https://imasdk.googleapis.com http://imasdk.googleapis.com https://s0.2mdn.net https://www.youtube.com https://www.dailymotion.com https://opt-out.ferank.eu http://opt-out.ferank.eu https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr http://player.ooyala.com http://players.brightcove.net https://players.brightcove.net https://vjs.zencdn.net https://analytics.ooyala.com/ https://www.instagram.com http://*.opta.net https://*.opta.net https://acdn.adnxs.com https://*.hotjar.com https://*.privacy-center.org; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://player.ooyala.com/ https://platform.twitter.com https://www.youtube.com https://www.dailymotion.com https://opt-out.ferank.eu http://opt-out.ferank.eu http://players.brightcove.net https://players.brightcove.net https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr https://www.instagram.com http://*.opta.net https://*.opta.net https://*.hotjar.com; child-src 'self' blob: https://*.myligue.fr https://www.google.com/ https://*.googlesyndication.com https://player.ooyala.com/ https://platform.twitter.com/ https://staticxx.facebook.com/ https://syndication.twitter.com/ https://widgets.lfp.stats.com https://l.ooyala.com/ https://imasdk.googleapis.com/ https://www.youtube.com https://www.dailymotion.com https://cartemercatoligue1.com https://11type.lfp.fr https://story.tl https://*.ausha.co https://taghcountdown.909c.fr https://snapshots.playingsurface.net http://player.ooyala.com http://players.brightcove.net http://players.brightcove.net http://l.ooyala.com https://twitter.com https://www.facebook.com https://m.facebook.com https://www.instagram.com https://imasdk.googleapis.com http://imasdk.googleapis.com https://www.google-analytics.com http://www.google-analytics.com https://www.sporcle.com https://*.hotjar.com https://*.spotify.com/ https://*.global-mmk.com https://platform.global-mmk.com/LFPMaps/Broadcasters/Index; img-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com data: https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://lspcridevglcdn.azureedge.net https://lspemeintglcdn.azureedge.net https://lspsapuatglcdn.azureedge.net https://lsprubpreglcdn.azureedge.net https://lspisphereglcdn.azureedge.net https://ssl.google-analytics.com https://stats.g.doubleclick.net https://lfpimageproxy.azureedge.net https://secure-cf-c.ooyala.com https://player.ooyala.com https://www.blogduparieur.com https://publish.lfpstg.ooflex.net https://syndication.twitter.com/ https://abs.twimg.com https://platform.twitter.com https://pbs.twimg.com https://www.youtube.com https://www.dailymotion.com https://www.google-analytics.com http://www.google-analytics.com https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr https://metrics.brightcove.com http://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://www.instagram.com https://cf-images.eu-west-1.prod.boltdns.net http://cf-images.eu-west-1.prod.boltdns.net https://tarteaucitron.io http://*.opta.net https://*.opta.net https://lspprdglcdn.azureedge.net https://ib.adnxs.com https://*.hotjar.com https://*.privacy-center.org https://play-lh.googleusercontent.com; connect-src 'self' https://*.doubleclick.net https://www.google-analytics.com https://dc.services.visualstudio.com https://metrics-api.librato.com https://player.ooyala.com https://licensing.bitmovin.com https://*.mediaservices.windows.net https://csi.gstatic.com https://edge.api.brightcove.com http://edge.api.brightcove.com http://player.ooyala.com http://manifest.prod.boltdns.net http://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://bcbolt446c5271-a.akamaihd.net https://*.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.privacy-center.org; frame-ancestors 'self'; 3 font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com http://youtube.com/iframe_api https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://www.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://player.vimeo.com/api/player.js https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www.googletagmanager.com/gtm.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://analytics.twitter.com/i/adsct https://tagmanager.google.com/debug https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://tagmanager.google.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js https://cdn1.readspeaker.com/script/9190/webReader/webReader.js https://cdn1.readspeaker.com/script/9190/webReader/ReadSpeaker.pub.Config.js https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Core.js https://cdn1.readspeaker.com/ *.lfeeder.com *.leadfeeder.com https://code.jquery.com/jquery-3.4.1.min.js https://www.googletagmanager.com/gtag/js https://twitter.com/ https://pi.pardot.com/pd.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js http://cdn1.readspeaker.com/script/11546/webReader/ https://pi.pardot.com/ https://go.soprasteria.de/ https://www.clarity.ms/ https://walls.io/js/ https://cdn.goldenbees.fr/ https://tag.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://www.youtube.com/ https://chatbot-widget.jobijoba.io https://ytimg.com https://googletagmanager.com https://google-analytics.com https://siteimproveanalytics.com/js/siteanalyze_6035851.js https://vjs.zencdn.net/7.11.4/video.min.js https://unpkg.com/masonry-layout@4.2.2/dist/masonry.pkgd.min.js https://unpkg.com/masonry-layout@4/dist/masonry.pkgd.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/2.5.0/Youtube.min.js https://npmcdn.com/imagesloaded@4.1/imagesloaded.pkgd.js https://tags.inzynk.io/cl383xbw/iztag.js https://analytics.inzynk.io/v/cl383xbw https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://www.googletagmanager.com/debug/bootstrap?id=GTM-KKLT57F&src=GTM&cond=2>m=2wgak0 https://cdn.goldenbees.fr/proxy?url=https%3A%2F%2Fstorage.gra.cloud.ovh.net%2Fv1%2FAUTH_94877f45ca5045fe8fff12d3bb492e74%2Fstatic%2Fcdn%2Fjs%2Fgtag%2Fgoldentag-min.js&attachment=0; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles-Button.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles.css https://cdn1.readspeaker.com/script/9190/webReader/r/ https://cdn1.readspeaker.com http://cdn1.readspeaker.com/script/11546/webReader/r/r1099/ReadSpeaker.Styles.css http://cdn1.readspeaker.com/script/11546/webReader/r/r1099/ReadSpeaker.Styles-Button.css https://chatbot-widget.jobijoba.io https://fonts.googleapis.com https://vjs.zencdn.net/7.11.4/video-js.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://cdn.recman.no/ https://i.ytimg.com/ https://cdn.jobijoba.com https://hellojaiblog.files.wordpress.com https://media.giphy.com https://s3.eu-central-1.amazonaws.com https://google-analytics.com https://ytimg.com https://6035851.global.siteimproveanalytics.io/ https://conv.indeed.com/pagead/conv/5314231913872130/ https://img.youtube.com/; media-src 'self' data: blob: https://lesjoiesducode.fr/ https://firebasestorage.googleapis.com https://s3.eu-central-1.amazonaws.com https://youtube.com https://googlevideo.com https://cdn.jobijoba.com https://www.youtube.com/; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://karriere.soprasteria.de/ https://candidate.hr-manager.net/ https://my.walls.io/ https://www.google.com/ https://sopra.symex.be/ https://charts.symex.be/ https://maps.google.com/ https://sopra-steria.career-inspiration.com/ https://youtube.com https://chatbot-webview.jobijoba.io https://app-eu.readspeaker.com/ https://app.livestorm.co/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ https://www.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/ https://maps.google.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://media-eu.readspeaker.com/ https://www.digitale-exzellenz.de/feed/ https://www.digitale-exzellenz.de/category/branchen/ https://www.digitale-exzellenz.de/tag/ https://www.instagram.com/ https://www.instagram.com/soprasteria_fr/ https://www.instagram.com/instagram/ *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatbot-widget.jobijoba.io wss://chatbot-api.jobijoba.io https://chatbot-api.jobijoba.io https://google-analytics.com https://www.linkedin.com/; 3 frame-ancestors *.kfst.dk *.forbrug.dk *.stormraadet.dk *.forbrugerombudsmanden.dk *.energianke.dk *.forbrugereuropa.dk *.consumerombudsman.dk *.consumereurope.dk *.danishstormcouncil.dk *.energysuppliescomplaintboard.dk 3 default-src 'self' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net *.marketo.com https://www.google-analytics.com *.doubleclick.net https://staticxx.facebook.com https://platform.twitter.com http://i.vimeocdn.com https://player.vimeo.com *.youtube-nocookie.com https://www.youtube.com/iframe_api *.linkedin.com *.mktoresp.com http://stats.sa-as.com https://www.facebook.com https://www.google.com https://tracking.leadlander.com *.siteimproveanalytics.io https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://optiv.postclickmarketing.com https://html5-player.libsyn.com http://html5-player.libsyn.com http://widget.surveymonkey.com https://widget.surveymonkey.com https://www.surveymonkey.com https://consent.cookiebot.com *.fullstory.com https://api.company-target.com https://static.smartrecruiters.com https://www.smartrecruiters.com https://subscriptions.smartrecruiters.com/ https://cdn.jsdelivr.net https://scripts.demandbase.com https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ https://bam.nr-data.net/events/1/f277460712 https://public.tableau.com/ https://api.ceros.com https://google.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://api.lever.co/v0/postings/optiv https://api.lever.co/v0/postings/optiv-2 https://ka-p.fontawesome.com/ https://kit.fontawesome.com https://play.vidyard.com/; img-src 'self' data: https://public.tableau.com/static/images/cy/cybersecurity_tool/Story1/1.png https://cdn.bizible.com/ https://cdn.bizibly.com https://www.facebook.com https://stats.g.doubleclick.net https://tracking.leadlander.com https://*.global.siteimproveanalytics.io https://px.ads.linkedin.com https://www.google.com https://cdn.cookielaw.org/logos/4778c75d-47b3-4457-9e9f-8d01da359800/ff148706-0aba-4614-b78a-5ecdd8396861/optiv-logo@2x.jpg https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net https://www.googletagmanager.com https://tagmanager.google.com https://s.ytimg.com http://siteimproveanalytics.com https://www.google-analytics.com https://sjs.bizographics.com *.linkedin.com http://connect.facebook.net https://apis.google.com http://platform.twitter.com http://*.marketo.net https://*.marketo.net http://*.marketo.com https://*.marketo.com http://t.sf14g.com http://stats.sa-as.com https://d6digital.atlassian.net https://player.vimeo.com http://i.vimeocdn.com *.youtube-nocookie.com https://www.youtube.com/iframe_api https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.js https://optiv.postclickmarketing.com https://html5-player.libsyn.com http://html5-player.libsyn.com http://widget.surveymonkey.com https://widget.surveymonkey.com https://www.surveymonkey.com https://consent.cookiebot.com https://fullstory.com/s/fs.js https://tag.demandbase.com https://scripts.demandbase.com https://static.smartrecruiters.com/job-widget/1.4.2/script/smart_widget.js https://static.smartrecruiters.com/job-widget/1.4.2/script/jquery.min.js https://use.fontawesome.com/releases/v5.8.2/js/all.js https://use.fontawesome.com/releases/v5.8.2/js/v4-shims.js https://www.smartrecruiters.com https://trk.techtarget.com/tracking.js https://ionfiles.scribblecdn.net/scripts/ionizer-1.1.min.js https://subscriptions.smartrecruiters.com/widget/v1/sr-job-alerts.js https://cdn.jsdelivr.net https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://public.tableau.com/javascripts/api/viz_v1.js https://cdn.bizible.com https://munchkin.marketo.net/159/munchkin.js https://api.ceros.com https://js-agent.newrelic.com/nr-1184.min.js https://google.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://andreasmb.github.io/lever-jobs-embed/index.js app-sj21.marketo.com https://kit.fontawesome.com https://use.fontawesome.com https://www.youtube.com pagecdn.io; style-src 'self' 'unsafe-inline' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net *.marketo.com https://tagmanager.google.com https://fonts.googleapis.com https://static.smartrecruiters.com/job-widget/1.4.2/css/smart_widget.css https://scripts.demandbase.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ https://google.com https://andreasmb.github.io/lever-jobs-embed/embed-css/style.css https://kit.fontawesome.com/5c49bd2b73/74742053/kit-upload.css 3 frame-ancestors 'self' *.glasgowairport.com *.aberdeenairport.com *.southamptonairport.com 3 default-src 'self'; frame-src 'self' data: https://*.criteo.com https://*.api.useinsider.com fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.criteo.com https://*.criteo.net https://*.api.useinsider.com https://*.g.doubleclick.net https://*.doubleclick.net https://www.googletagmanager.com https://*.bing.com https://*.pinimg.com https://cdn.jsdelivr.net/npm/sockjs-client@1/dist/sockjs.min.js https://cdnjs.cloudflare.com/ajax/libs/vertx/3.9.1/vertx-eventbus.min.js https://*.nzsale.co.nz https://*.identitydirect.com.au/ https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.criteo.com https://*.api.useinsider.com https://bat.bing.com https://*.pinterest.com https://images.latitudepayapps.com wss://fbcb.nzsale.co.nz wss://fbcb.identitydirect.com.au https://fcmregistrations.googleapis.com/v1/projects/ https://firebaseinstallations.googleapis.com/v1/projects/ https://*.nzsale.co.nz https://*.identitydirect.com.au https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.postcodeanywhere.co.uk https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com https://www.paypalobjects.com; 3 default-src https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://cdnapisec.kaltura.com/ https://*.gstatic.com/ 'self'; child-src 'self'; connect-src https://vod.nucleusvideo.astrazeneca.com/ https://cdnapisec.kaltura.com/ https://analytics.kaltura.com/ https://stats.kaltura.com/ https://*.omappapi.com/ wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/ wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ 'self'; frame-src https://quadia.webtvframework.com/ http://quadia.webtvframework.com/ https://share.transistor.fm/ https://www.bbc.com/ https://dms.licdn.com/ https://*.linkedin.com/ https://*.googlesyndication.com/ https://crossmedia.mediasite.com/ https://*.crossmediaplatform.nl/ https://widgets.bnr.nl/ https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; frame-ancestors 'self'; img-src https://*.bbci.co.uk/ https://cfvod.kaltura.com/ https://www.facebook.com/ http://www-medischcontact-tst-1.gxcloud.local/ http://www-medischcontact-tst.gxcloud.local/ http://www-medischcontact-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.local/ https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/ 'self' data:; media-src https://cdnapisec.kaltura.com/ blob: 'self'; object-src 'self'; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.printfriendly.com https://fonts.googleapis.com 'self' 'unsafe-inline'; worker-src 'self' blob: 3 default-src 'self'; connect-src 'self'; img-src 'self' data: 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' data: 3 default-src 'self' *.googleapis.com *.vdo.ai *.vlitag.com *.adnxs.com *.avantisvideo.com *.addthis.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 3 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval' *.actian.com *.wpengine.com; connect-src *; font-src * data:; media-src * 'unsafe-inline'; frame-ancestors *.actian.com; frame-src *; object-src * data: 'unsafe-eval' 3 default-src 'self' blob:; media-src * data: blob:; frame-ancestors 'self' https://*.bondlayer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src *; connect-src https: wss:; object-src 'none' 3 default-src http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http:; style-src http: 'unsafe-inline'; img-src 'self' data: http:; connect-src http: ws:; 3 font-src 'self' themes.googleusercontent.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 3 frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online https://ecommerctst.tatasteel.online https://ecmc01qa.tatasteel.online https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online; report-uri /report-csp-violation 3 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; 3 default-src https: 'unsafe-inline' 'self' data: 'unsafe-eval' 3 default-src 'self' https://ajax.googleapis.com https://maps.googleapis.com http://ajax.googleapis.com http://maps.googleapis.com https://*.interactivegarage.com https://*.ubembed.com http://*.ubembed.com https://y.c3portal.net https://c3sbx.net https://c3plp.net https://*.ctctcdn.com http://*.ctctcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ubembed.com http://*.ubembed.com https://s.ytimg.com https://www.youtube.com/iframe_api http://www.google-analytics.com/ https://lkq.qumucloud.com/ https://c3sbx.net https://c3plp.net https://cdn.qumucloud.com/ https://ssl.google-analytics.com/ https://www.gstatic.com/ https://www.google.com/ https://www.googletagservices.com/ https://www.googletagmanager.com https://connect.facebook.net/ https://googleads.g.doubleclick.net/ http://www.googleadservices.com/ https://gateway.zscalertwo.net https://fs17.formsite.com/ http://cdn.jsdelivr.net/ https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com/ https://maps.googleapis.com/ http://ajax.googleapis.com/ http://maps.googleapis.com https://*.interactivegarage.com http://emarketing.ekeystone.com/ http://static.ctctcdn.com/ https://static.ctctcdn.com/ https://cdnjs.cloudflare.com/ http://cdnjs.cloudflare.com/; style-src 'self' 'unsafe-inline' https://cdn.qumucloud.com/ https://lkq.qumucloud.com http://fonts.googleapis.com/ http://fonts.gstatic.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com https://*.ctctcdn.com http://*.ctctcdn.com; img-src 'self' *.ekeystone.com/ http://maps.gstatic.com/ https://*.interactivegarage.com http://maps.googleapis.com/ http://media.ekeystone.com/ https://lkq.qumucloud.com/ https://cdn.qumucloud.com/ https://fonts.gstatic.com/ https://www.google-analytics.com/ http://vehiclepartimages.com/ https://www.google.com/ http://www.google-analytics.com/ https://www.facebook.com/ https://gateway.zscalertwo.net https://stats.g.doubleclick.net https://ssl.google-analytics.com/ http://media.viantp.com/ https://www.google.co.in/pagead/ http://www.googletagmanager.com/ https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com http://emarketing.ekeystone.com https://*.ctctcdn.com http://*.ctctcdn.com data:; child-src 'self' https://lkq.instilled.com https://lkq.qumucloud.com https://sdn.sitecore.net https://c3sbx.net https://c3plp.net https://n.c3portal.net http://sdn.sitecore.net https://www.google.com https://recruiting.adp.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://fs17.formsite.com/ http://www.youtube.com https://*.ubembed.com/ http://www.facebook.com https://*.pages.ubembed.com http://*.ubembed.com http://*.pages.ubembed.com https://*.interactivegarage.com https://gateway.zscalertwo.net https://docs.google.com/ https://y.c3portal.net blob:; font-src 'self' https://cdn.qumucloud.com/ https://fonts.gstatic.com https://*.ubembed.com http://*.ubembed.com https://*.ctctcdn.com http://*.ctctcdn.com data:; frame-ancestors 'self' https://nexpart.com; media-src 'self' http://media.ekeystone.com/ http://vehiclepartimages.com/ https://*.ubembed.com http://*.ubembed.com https://*.ctctcdn.com http://*.ctctcdn.com; 3 form-action 'self' https://coworkingresources.org https://*.coworkingresources.org https://www.facebook.com https://getkisi.com https://*.getkisi.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://api.na.chilipiper.com/marketing/getkisi https://a.clickcertain.com https://a.omappapi.com https://a.optmnstr.com https://a.quora.com https://a.remarketstats.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://d.adroll.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.na.chilipiper.com/marketing.js https://js.usemessages.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com https://netlify-cdp-loader.netlify.app https://s.adroll.com https://ssl.google-analytics.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.redditstatic.com https://www.youtube.com 3 frame-ancestors'self' https://*nisbets.co.uk https://*nisbets.ie https://*nisbets.com.au https://*nisbets.fr https://*nisbets.de https://*nisbets.be https://*nisbets.nl 3 frame-ancestors 'self' https://m.v12finance.com/; 3 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 3 default-src * data: blob: 'unsafe-inline'; script-src https://us.hurb.com https://i.btg360.com.br https://static.criteo.net https://www.tripadvisor.com *.doubleclick.net https://sslwidget.criteo.com https://static.zanox.com https://secure.afilio.com.br https://tag.viptarget.com.br https://static.hotjar.com https://cdnjs.cloudflare.com https://s.adroll.com https://cdn.pn.vg https://script.hotjar.com https://load.fomo.com https://s.adroll.com https://cdn.pn.vg https://script.hotjar.com https://load.fomo.com https://d.adroll.mgr.consensu.org https://e.fomo.com https://d.adroll.com *.collect.igodigital.com https://maps.googleapis.com *.clarity.ms https://s.go-mpulse.net https://api.pn.vg https://rum-static.pingdom.net https://www.datadoghq-browser-agent.com 'unsafe-inline' 'unsafe-eval' *.ghucdn.net *.hotelurbano.net *.hurb.com *.hurb.cloud *.hotelurbano.com *.hotelurbano.com.br *.adyen.com *.vimeo.com *.zopim.com connect.facebook.net www.facebook.com staticxx.facebook.com graph.facebook.com *.g.doubleclick.net *.google-analytics.com www.googletagmanager.com *.google.com ajax.googleapis.com www.googleadservices.com *.googlesyndication.com https://tagmanager.google.com *.gstatic.com cdn.optimizely.com *.zdassets.com https://hurb.zendesk.com wss://hurb.zendesk.com *.zopim.com bat.bing.com *.cookiebot.com; connect-src https://us.hurb.com wss://widget-mediator.zopim.com https://osp-assets.pn.vg https://in.hotjar.com https://stats.fomo.com https://vc.hotjar.io *.collect.igodigital.com wss://ws5.hotjar.com/api/v2/client/ws https://ws5.hotjar.com/api/v2/sites/1678753/recordings/content *.clarity.ms https://graphql-stg.ghucdn.net http://graphqlgateway/ https://c.go-mpulse.net https://rum-http-intake.logs.datadoghq.com 'unsafe-inline' *.ghucdn.net *.hotelurbano.net *.hurb.com *.hurb.cloud *.hotelurbano.com *.hotelurbano.com.br *.adyen.com *.vimeo.com *.zopim.com connect.facebook.net www.facebook.com staticxx.facebook.com graph.facebook.com *.g.doubleclick.net *.google-analytics.com www.googletagmanager.com *.google.com ajax.googleapis.com www.googleadservices.com *.googlesyndication.com https://tagmanager.google.com *.gstatic.com cdn.optimizely.com *.zdassets.com https://hurb.zendesk.com wss://hurb.zendesk.com *.zopim.com bat.bing.com *.cookiebot.com; frame-src https://us.hurb.com https://vars.hotjar.com https://widget.us.criteo.com https://cookies.pn.vg *.collect.igodigital.com 'self' *.ghucdn.net *.hotelurbano.net *.hurb.com *.hurb.cloud *.hotelurbano.com *.hotelurbano.com.br *.adyen.com *.vimeo.com *.zopim.com connect.facebook.net www.facebook.com staticxx.facebook.com graph.facebook.com *.g.doubleclick.net *.google-analytics.com www.googletagmanager.com *.google.com ajax.googleapis.com www.googleadservices.com *.googlesyndication.com https://tagmanager.google.com *.gstatic.com cdn.optimizely.com *.zdassets.com https://hurb.zendesk.com wss://hurb.zendesk.com *.zopim.com bat.bing.com *.cookiebot.com; frame-ancestors https://us.hurb.com https://vars.hotjar.com https://widget.us.criteo.com https://cookies.pn.vg *.collect.igodigital.com 'self' *.ghucdn.net *.hotelurbano.net *.hurb.com *.hurb.cloud *.hotelurbano.com *.hotelurbano.com.br *.adyen.com *.vimeo.com *.zopim.com connect.facebook.net www.facebook.com staticxx.facebook.com graph.facebook.com *.g.doubleclick.net *.google-analytics.com www.googletagmanager.com *.google.com ajax.googleapis.com www.googleadservices.com *.googlesyndication.com https://tagmanager.google.com *.gstatic.com cdn.optimizely.com *.zdassets.com https://hurb.zendesk.com wss://hurb.zendesk.com *.zopim.com bat.bing.com *.cookiebot.com; report-uri https://jselogger.hotelurbano.com/csp 3 script-src 'self' https://cloud-ua.webitel.com/ https://cdn.jsdelivr.net/npm/yandex-metrica-watch/ https://cloud-ua.webitel.com/widgets/domains/fondy/ https://widgets.binotel.com/ https://customer.smartsender.eu/js/client/ https://www.googleadservices.com/ https://analytics.twitter.com/ https://pay.google.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/ *.bing.com app.satismeter.com production-assets.codepen.io https://cdnjs.cloudflare.com/ajax/libs/ https://static.ads-twitter.com/ *.fondy.io *.fondy.ru *.fondy.ua *.fondy.eu https://mc.webvisor.org *.linkedin.com *.licdn.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.ua *.doubleclick.net *.googleapis.com ekr.zdassets.com fondyhelp.zendesk.com mc.yandex.ru *.plerdy.com connect.facebook.net www.facebook.com static.zdassets.com widget-mediator.zopim.com *.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ app.satismeter.com recaptcha.net https://widget.beesender.com 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https://widgets.binotel.com/ https://*.jquery.com https://pay.google.com/ https://widget.beesender.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ data: blob: 'unsafe-inline' 'self' *.fondy.io *.fondy.eu *.fondy.ua *.fondy.ru; connect-src 'self' ws: https://cloud-ua.webitel.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://*.plerdy.com www.facebook.com widget-mediator.zopim.com fondyhelp.zendesk.com https://balance.beesender.com mc.yandex.ru mc.webvisor.org ekr.zdassets.com *.fondy.io *.fondy.ua *.fondy.ru *.fondy.eu https://fondy.eu connect.facebook.net app.satismeter.com; frame-ancestors 'self' *.fondy.ru *.fondy.ua *.fondy.eu *.fondy.io portal.fondy.eu fondy.ru fondy.ua fondy.eu fondy.io 3 default-src 'none'; script-src 'self' 'unsafe-eval' cdn.ampproject.org ajax.cloudflare.com static.cloudflareinsights.com boards.greenhouse.io *.algolia.net *.algolianet.com buttons.github.io mc.yandex.ru www.googletagmanager.com 'sha256-Iq4L1sSeHXuAPP2voTJueoZ6m/sIwJTiyN3yOq9j8A8=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw='; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.googletagmanager.com blog-images.clickhouse.com data: mc.yandex.ru; object-src 'self' blog-images.clickhouse.com; connect-src 'self' www.google-analytics.com mc.yandex.ru api.github.com cdn.ampproject.org *.algolia.net *.algolianet.com *.ingest.sentry.io hn.algolia.com www.reddit.com; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru www.youtube.com datalens.yandex blog-images.clickhouse.com boards.greenhouse.io; font-src 'self' fonts.gstatic.com data:; base-uri 'none'; form-action 'self' webto.salesforce.com; frame-ancestors webvisor.com metrika.yandex.ru; prefetch-src 'self' 3 default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always; report-uri https:///p3hotels.report-uri.com/r/t/csp/enforce 3 default-src 'self'; img-src 'self' https://* data:; child-src https://www.youtube.com/ https://www.google.com/; style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales; script-src 'self' blob: https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs='; connect-src 'self' https://www.google-analytics.com https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com 3 frame-ancestors 'self' bid.g.doubleclick.net, img-src 'self' www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.co.in www.google-analytics.com googleads.g.doubleclick.net www.google.com www.google.be www.kwpsurveys.com *.cdninstagram.com *.typesquare.com t.teads.tv ct.pinterest.com ad.ipredictive.com www.facebook.com consumer.krxd.net apps.jobadder.com www.zespri.eu zespri.com.isgoingto.be cm.teads.tv www.google.co.id images.ctfassets.net cdnjs.cloudflare.com *.destinilocators.com bat.bing.com *.ytimg.com *.zemanta.com data:, form-action 'self', font-src 'self' ka-f.fontawesome.com fonts.gstatic.com use.fontawesome.com *.typesquare.com www.zespri.eu zespri.com.isgoingto.be *.destinilocators.com destinilocators.com data:, object-src 'self', style-src 'self' 'unsafe-inline' unpkg.com tagmanager.google.com fonts.googleapis.com www.zespri.eu zespri.com.isgoingto.be use.fontawesome.com *.destinilocators.com destinilocators.com bat.bing.com, script-src 'self' 'unsafe-inline' 'unsafe-eval' kit.fontawesome.com unpkg.com typesquare.com cdn.krxd.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.google.co.in www.googleadservices.com www.google.com www.kwpsurveys.com p.teads.tv *.cdninstagram.com www.facebook.com connect.facebook.net s.pinimg.com t.teads.tv ct.pinterest.com beacon.krxd.net consumer.krxd.net apps.jobadder.com ajax.googleapis.com www.zespri.eu zespri.com.isgoingto.be cm.teads.tv www.google.co.id recaptcha.net destinilocators.com *.destinilocators.com api.destinilocators.com stackpath.bootstrapcdn.com *.arcgis.com fonts.gstatic.com www.gstatic.com s3.amazonaws.com use.fontawesome.com pw.qpleshq.com us-central1-zespri-2020.cloudfunctions.net www.shareasungold.zespristore.com irxcm.com api2.autopilothq.com googleads.g.doubleclick.net bat.bing.com rec.smartlook.com *.clarity.ms *.youtube.com blob: 3 frame-ancestors 'self' https://*.probikeshop.fr https://*.probikeshop.it https://*.bikeshop.es https://*.probikeshop.de https://*.probikeshop.pt https://*.probikeshop.com https://*.probikeshop.ch; 3 default-src 'none'; object-src 'self'; media-src blob: https://*.genial.ly https://*.zdassets.com https://*.scene7.com https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; font-src 'self' data: https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yandex.ru https://*.zdassets.com https://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.scene7.com https://*.pinimg.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://*.createsend.com https://cdn.dotcy.com.cy https://script.crazyegg.com https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://soundcloud.com/; connect-src 'self' https://*.yandex.ru https://*.zdassets.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.pinterest.com https://*.medicosearch.ch https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com/ https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://ton.twimg.com; frame-src 'self' https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.tourmkr.com/ https://tourmkr.com/ https://*.tourextender.ch/ https://tourextender.ch/ https://*.podigee.com https://*.podigee-cdn.net https://*.infomaniak.com https://*.business360.ch https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://*.pinimg.com https://*.doubleclick.net https://*.yandex.ru https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com/ https://*.vimeo.com/ https://*.brightcove.net/ https://mixlr.com/ https://*.mixlr.com/ https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://*.createsend.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com/ https://cdn.dotcy.com.cy https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.info https://*.datahouse.ch/ https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.valcartier.com *.calypsopark.com gcv-static.azureedge.net gcv-cms-static.azureedge.net gcv-staging-static.azureedge.net gcv-dev-static.azureedge.net gcv-qa-static.azureedge.net gcv-qa2-static.azureedge.net gcv-qa3-static.azureedge.net www-gcv-static.azureedge.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.ticket-ops.com data: *.tripadvisor.ca *.tripadvisor.com *.jscache.com static.tacdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google.com fonts.gstatic.com facebook.net *.facebook.com *.google.ca *.googleadservices.com *.doubleclick.net acuityplatform.com securecode.com *.securecode.com moneris.com *.moneris.com visa.com *.visa.com verifiedbyvisa.com *.verifiedbyvisa.com *.arcot.com *.vgdelivery.com vgdelivery.com *.cardinalcommerce.com cardinalcommerce.com *.online-metrix.net online-metrix.net securesuite.net *.securesuite.net az416426.vo.msecnd.net dc.services.visualstudio.com connect.facebook.net player.vimeo.com *.livechatinc.com; 3 default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 3 default-src 'self' https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://js.driftt.com https://cdn4.mxpnl.com https://vars.hotjar.com https://optimize.google.com;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://cdn.inspectlet.com https://s.ytimg.com https://www.youtube.com https://w.soundcloud.com https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com https://js.driftt.com https://snap.licdn.com https://cdn4.mxpnl.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://lltrck.com;script-src 'self' 'unsafe-inline' https://snap.licdn.com https://s.ytimg.com https://www.youtube.com https://cdn.inspectlet.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://player.vimeo.com https://js.driftt.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com;font-src 'self' data: https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://optimize.google.com https://www.googletagmanager.com https://lltrck.com https://p.adsymptotic.com https://www.google.com.co;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com wss://ws.inspectlet.com https://cdn.inspectlet.com/ https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://pi.pardot.com https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://js.driftt.com http://*.mixpanel.com http://cdn.mixpanel.com https://*.mixpanel.com https://cdn.mixpanel.com https://api-js.mixpanel.com https://in.hotjar.com wss://ws18.hotjar.com https://ws18.hotjar.com/ https://*.algolia.net https://*.algolianet.com;prefetch-src 'self' https://pi.pardot.com https://www.googletagmanager.com https://www.google-analytics.com 3 frame-ancestors 'self' *.swoogo.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com stats.g.doubleclick.net www.google.es www.youtube.com aidback-test.applus.solutions aidback.applus.solutions apps.applus.com code.jquery.com v.qq.com maps.googleapis.com www.applus.com docs.google.com bookeo.com *.bookeo.com cdn.usefathom.com static.hotjar.com httpbin.org api.ipify.org maps.gstatic.com fonts.googleapis.com fonts.gstatic.com applus.media data:; object-src 'none'; base-uri 'self'; 3 frame-ancestors 'self' www.bibliotecanacionaldigital.gob.cl www.chileparaninos.gob.cl www.memoriachilena.gob.cl; 3 default-src 'self' https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://assets.wogaa.sg http://localhost:51412/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com *.ytimg.com *.twitter.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.ecitizen.gov.sg *.googletagmanager.com *.licdn.com *.appier.net *.hotjar.com *.adsrvr.org *.doubleclick.net *.dcube.cloud *.adobedtm.com https://dpm.demdex.net https://anylist.c.appier.net https://in.hotjar.com https://va.ecitizen.gov.sg *.wogaa.sg blob: https://*.dcube.cloud https://assets.adobedtm.com/ https://assets.wogaa.sg *.wogaa.sg http://localhost:51412/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://va.ecitizen.gov.sg/ *.dcube.cloud https://assets.dcube.cloud/fonts/ *.wogaa.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com s3-us-west-2.amazonaws.com va.ecitizen.gov.sg *.wogaa.sg *.dcube.cloud https://www-ssg-wsg-gov-sg-admin.cwp-stg.sg https://www-wsg-gov-sg-admin.cwp-stg.sg https://www-ssg-gov-sg-admin.cwp-stg.sg https://www-ssg-wsg-gov-sg.cwp-stg.sg https://www-wsg-gov-sg.cwp-stg.sg https://www-ssg-gov-sg.cwp-stg.sg https://www.ssg-wsg.gov.sg https://www.ssg-wsg.gov.sg https://www.ssg-wsg.gov.sg data: *.amazonaws.com/ *.ecitizen.gov.sg *.dcube.cloud *.wogaa.sg https://www-ssg-wsg-gov-sg-admin.cwp-stg.sg https://www-wsg-gov-sg-admin.cwp-stg.sg https://www-ssg-gov-sg-admin.cwp-stg.sg https://www-ssg-wsg-gov-sg.cwp-stg.sg https://www-wsg-gov-sg.cwp-stg.sg https://www-ssg-gov-sg.cwp-stg.sg https://www.ssg-wsg.gov.sg https://www.ssg-wsg.gov.sg https://www.ssg-wsg.gov.sg; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com.vn platform.tumblr.com web.facebook.com www.facebook.com *.delicious.com www.redditstatic.com www.linkedin.com *.twitter.com *.licdn.com *.ytimg.com *.vimeocdn.com *.azureedge.net https://*.dec.sitefinity.com http://localhost pbs.twimg.com *.twimg.com *.targeting.unrulymedia.com *.googletagmanager.com *.omtrdc.net *.everesttech.net data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ blob: *.eloqua.com track.hubspot.com *.ecitizen.gov.sg/ *.ads.linkedin.com/ *.c.appier.net/ *.g.doubleclick.net *.c.appier.net/ *.google.com/ *.toast.com *.admixer.co.kr *.openx.net/ *.socdm.com/ *.microad.jp *.advertising.com/ *.tpmn.co.kr *.pubmatic.com/ *.google.com.sg *.search.spotxchange.com/ *.bidswitch.net/ *.as.amanad.adtdp.com *.ad.daum.net/ *.facebook.net *.adsymptotic.com/ *.gammaplatform.com *.adnxs.com/ *.rubiconproject.com/ *.gssprt.jp *.adingo.jp/ *.analytics.yahoo.com/ *.one.impact-ad.jp/; media-src 'self' data: blob:; frame-src 'self' *.google.com *.gstatic.com *.fls.doubleclick.net vars.hotjar.com insight.adsrvr.org *.dcube.cloud *.demdex.net assets.adobedtm.com *.liadm.com *.adsrvr.org *.appier.net *.wogaa.sg *.youtube.com *.vimeo.com https://platform.twitter.com/ http://fast.wogaa.demdex.net https://fast.wogaa.demdex.net *.facebook.com https://www-ssg-wsg-gov-sg-admin.cwp.sg https://www-wsg-gov-sg-admin.cwp.sg https://www-ssg-gov-sg-admin.cwp.sg https://www-ssg-wsg-gov-sg.cwp.sg https://www-wsg-gov-sg.cwp.sg https://www-ssg-gov-sg.cwp.sg https://www.ssg-wsg.gov.sg https://www.ssg.gov.sg https://www.wsg.gov.sg; frame-ancestors 'self' *.google.com *.gstatic.com *.fls.doubleclick.net vars.hotjar.com insight.adsrvr.org *.dcube.cloud *.demdex.net assets.adobedtm.com *.liadm.com *.adsrvr.org *.appier.net *.wogaa.sg *.youtube.com *.vimeo.com https://platform.twitter.com/ http://fast.wogaa.demdex.net https://fast.wogaa.demdex.net *.facebook.com https://www-ssg-wsg-gov-sg-admin.cwp.sg https://www-wsg-gov-sg-admin.cwp.sg https://www-ssg-gov-sg-admin.cwp.sg https://www-ssg-wsg-gov-sg.cwp.sg https://www-wsg-gov-sg.cwp.sg https://www-ssg-gov-sg.cwp.sg https://www.ssg-wsg.gov.sg https://www.ssg.gov.sg https://www.wsg.gov.sg; child-src 'self' https://www.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.adobedtm.com *.google-analytics.com *.appier.net *.wogaa.sg *.facebook.com https://www-ssg-wsg-gov-sg-admin.cwp.sg https://www-wsg-gov-sg-admin.cwp.sg https://www-ssg-gov-sg-admin.cwp.sg https://www-ssg-wsg-gov-sg.cwp.sg https://www-wsg-gov-sg.cwp.sg https://www-ssg-gov-sg.cwp.sg https://www.ssg-wsg.gov.sg https://www.ssg.gov.sg https://www.wsg.gov.sg; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://dpm.demdex.net http://dpm.demdex.net https://anylist.c.appier.net https://in.hotjar.com https://va.ecitizen.gov.sg *.adobedtm.com *.google-analytics.com *.doubleclick.net https://*.dcube.cloud https://vc.hotjar.io http://vc.hotjar.io *.appier.net *.wogaa.sg *.facebook.com https://www-ssg-wsg-gov-sg-admin.cwp.sg https://www-wsg-gov-sg-admin.cwp.sg https://www-ssg-gov-sg-admin.cwp.sg https://www-ssg-wsg-gov-sg.cwp.sg https://www-wsg-gov-sg.cwp.sg https://www-ssg-gov-sg.cwp.sg https://www.ssg-wsg.gov.sg https://www.ssg.gov.sg https://www.wsg.gov.sg; 3 default-src 'self'; base-uri 'none'; img-src 'self' data:; worker-src 'none'; frame-src 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval';font-src https: data:; style-src https: 'unsafe-inline' ;img-src * data: 3 frame-ancestors 'self' *.hightext.de *.ibusiness.de *.onetoone.de *.press1.de *.versandhausberater.de; 3 img-src 'self' data:; 3 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn-ukwest.onetrust.com https://img.en25.com https://connect.facebook.net https://use.typekit.net https://az416426.vo.msecnd.net https://www.civica.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.episerver.net https://www.youtube.com https://geolocation.onetrust.com/ https://s3121.t.eloqua.com; connect-src 'self' https://cdn-ukwest.onetrust.com https://*.visualstudio.com https://*.google-analytics.com https://stats.g.doubleclick.net https://s3121.t.eloqua.com; media-src 'self' data:; img-src 'self' data: https://www.facebook.com https://*.eloqua.com https://p.typekit.net https://*.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://p.adsymptotic.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; child-src 'self'; frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net/; font-src 'self' https://use.typekit.net; 3 frame-ancestors 'self' centralnicgroup.activehosted.com; script-src 'unsafe-inline' 'unsafe-eval' *.brandshelter.com *.webinarjam.com snap.licdn.com diffuser-cdn.app-us1.com prism.app-us1.com wp-ui.app-us1.com cdnjs.cloudflare.com trackcmp.net www.google-analytics.com data:; style-src 'unsafe-inline' *.brandshelter.com fonts.googleapis.com fonts.gstatic.com *.webinarjam.com 3 default-src 'self' https://nominatim.openstreetmap.org/; img-src 'self' data: https: *.wp.com *.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com *.wp.com *.wordpress.com; font-src 'self' data: https: fonts.googleapis.com *.wp.com *.wordpress.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com 3 frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 3 default-src 'self' data: ; connect-src 'self' https: wss: ; font-src 'self' chrome-extension: data: https: ; img-src 'self' data: blob: android-webview-video-poster: about: https: ; frame-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' https: ; style-src-elem 'self' 'unsafe-inline' https: ; style-src-attr 'self' 'unsafe-inline' https: ; worker-src 'self' 'unsafe-inline' https: blob: ; frame-ancestors 'self' https://*.magnews.it https://*.magnews.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cspr-it.mag-news.it/ 3 frame-ancestors 'self' *.dja.com; 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: com-vonq-main.collector.snplow.net *.cloudfront.net *.bootstrapcdn.com *.nuffic.nl *.clickdimensions.com *.maphub.net *.force.com *.thehagueuniversity.com *.dehaagsehogeschool.nl *.dehaagsehogeschool.nl.local *.dehaagsehogeschool.nl.dev *.hhs.local *.thuas.local *.youtube.com *.ytimg.com *.fbcdn.net *.cdninstagram.com *.instagram.com *.facebook.net *.facebook.com *.twitter.com *.linkedin.com *.hotjar.io *.hotjar.com *.doubleclick.net *.googleadservices.com *.google.com *.google.nl *.cookiebot.com *.jsdelivr.net *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.youtube-nocookie.com *.twimg.com *.azureedge.net *.svc.dynamics.com *.sc-static.net sc-static.net tourmkr.com *.tourmkr.com; object-src 'self'; 3 default-src 'self'; font-src data: https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.usercentrics.eu; child-src 'self' blob: https://*.usercentrics.eu; script-src https://*.mm.dm.at 'self' 'unsafe-eval' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.usercentrics.eu https://*.mm.dm.de https://ssl.hurra.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; worker-src 'self' blob:; connect-src https://*.mm.dm.at 'self' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://coupon-aktionen.dm.de https://services.dm.de https://products.dm.de https://*.services.dmtech.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.usercentrics.eu https://cart.services.dmtech.com https://*.mm.dm.de https://*.services.dmtech.com https://api.mapbox.com https://events.mapbox.com https://ssl.hurra.com https://*.bazaarvoice.com https://browser-http-intake.logs.datadoghq.eu https://signin.dm.at https://mpsnare.iesnare.com https://staedtetour.dm-fb2.de https://insights.algolia.io; style-src 'self' 'unsafe-inline' https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.usercentrics.eu https://*.bazaarvoice.com https://api.tiles.mapbox.com; img-src https://*.mm.dm.at 'self' data: blob: https://assets.dm.de https://cdn.kali.services.dmtech.com https://cdn02.dm-static.com https://media.dm-static.com https://*.services.dmtech.com https://*.usercentrics.eu https://ssl.hurra.com https://*.mm.dm.de https://*.bazaarvoice.com https://i.ytimg.com https://img.youtube.com https://play.google.com https://linkmaker.itunes.apple.com https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://d3s22jwy77sx9i.cloudfront.net https://images.podigee-cdn.net; frame-ancestors 'self' https://*.dm.at https://app.datadoghq.eu https://*.lxprod.ka.de.dm-drogeriemarkt.com; frame-src 'self' https://ssl.hurra.com https://*.dm.at https://*.services.dmtech.com https://*.usercentrics.eu https://sandbox.om.dm.de https://*.bazaarvoice.com https://www.youtube-nocookie.com https://configurator.nuk.de/ https://hey-familie.podigee.io https://cdn.podigee.com https://player.podigee-cdn.net; base-uri https://*.mm.dm.at 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://signin.dm.at https://checkout.dm.at https://*.usercentrics.eu https://*.bazaarvoice.com; manifest-src 'self'; report-uri /__csp-reports__ 3 frame-ancestors https://new.mospolytech.ru https://mospolytech.ru http://awards.ratingruneta.ru uplab.uplab.digital 3 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net d3dc1lgancj6l0.cloudfront.net *.api.here.com *.wp.com lftracker.leadfeeder.com www.youtube.com www.youtube-nocookie.com s.ytimg.com; frame-src 'self' http: https:; object-src 'self'; img-src * 'self' https: data: userlike-cdn-operators.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net; style-src 'unsafe-inline' 'self' fonts.googleapis.com js.api.here.com cdnjs.cloudflare.com s0.wp.com; font-src 'self' data: fonts.gstatic.com dq4irj27fs462.cloudfront.net d3dc1lgancj6l0.cloudfront.net *.api.here.com s0.wp.com; connect-src 'self' blob: *.lancom-systems.de *.lancom-systems.com www.userlike.com wss://umd.userlike.com wss://chat.userlike.com chat.userlike.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.google-analytics.com *.doubleclick.net *.hereapi.com js.api.here.com ; media-src 'self' dq4irj27fs462.cloudfront.net blob: ; worker-src 'self' blob: ; 3 default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.mqcdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.mqcdn.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net https://sdks.shopifycdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.mapquestapi.com *.mapquest.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://springs-preserve.myshopify.com *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.mapbox.com *.mqcdn.com *.mapquestapi.com *.mapquest.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com blob: data:; frame-src 'self' *.onefiserv.com *.streamtext.net *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3 default-src 'self'; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 3 default-src * ;report-uri /xp/CSPReport.ashx ;script-src * 'unsafe-inline' 'unsafe-eval' data: about: ;style-src * 'unsafe-inline' ;connect-src * blob: ;font-src * data: ;object-src * ;img-src * data: blob: ;media-src * blob: ;frame-src * data: gsa: ajaxhandler: ;child-src * blob: ;worker-src * blob: ;form-action * javascript: ;frame-ancestors 'self' 3 default-src 'unsafe-inline' 'self' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com blob:; img-src 'self' *.google-analytics.com cdn.jsdelivr.net blob: data:; worker-src blob:; 3 default-src 'self' *.ubembed.com *.assets.ubembed.com *.kampyle.com *.medallia.com *.google-analytics.com *.gstatic.com ; script-src 'self' *.ubembed.com *.assets.ubembed.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.medallia.com *.kampyle.com *.googletagmanager.com *.google-analytics.com *.jquery.com *.marketo.net 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.ubembed.com *.assets.ubembed.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.medallia.com *.kampyle.com *.googletagmanager.com *.google-analytics.com *.jquery.com *.marketo.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.ubembed.com *.assets.ubembed.com *.kampyle.com *.medallia.com *.mktoresp.com; object-src 'self' *.ubembed.com *.assets.ubembed.com *.kampyle.com *.medallia.com; style-src 'self' *.ubembed.com *.assets.ubembed.com *.kampyle.com *.medallia.com *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.jquery.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.ubembed.com *.assets.ubembed.com *.kampyle.com *.medallia.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com data:; frame-src 'self' *.ubembed.com *.assets.ubembed.com *.astfinancial.com *.exacttarget.com *.gstatic.com *.googletagmanager.com *.kampyle.com *.medallia.com; img-src 'self' *.ubembed.com *.assets.ubembed.com *.gravatar.com *.kampyle.com *.medallia.com *.umbraco.org *.google-analytics.com umbraco.tv *.googletagmanager.com; 3 frame-ancestors 'self'; default-src 'self'; base-uri 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src 'self' *.gstatic.com *.embedly.com data:;connect-src 'self' *.reddit.com *.akamaihd.net unite.spoe.at rose.spoe.at www.google-analytics.com www.facebook.com; media-src * blob: data: 'self'; object-src 'self'; frame-src * ; manifest-src 'self'; worker-src 'self' blob: data: ; form-action *; upgrade-insecure-requests; block-all-mixed-content; 3 default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.yotpo.com https://fonts.googleapis.com https://*.twitter.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://*.yotpo.com https://yotpo-editor-production.s3.amazonaws.com/ https://www.google-analytics.com https://*.afterpay.com https://*.fls.doubleclick.net https://*.twimg.com https://*.twitter.com https://bat.bing.com https://cp.official-coupons.com https://cp.official-deals.co.uk https://cx.atdmt.com https://googleads.g.doubleclick.net/pagead/ https://googleads4.g.doubleclick.net https://p.adsymptotic.com https://prf.hn https://public-content-store.torque-platform.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://r1.trackedweb.net https://stats.g.doubleclick.net https://tmlewin.imgix.net https://uktc.fospha.com https://www.awin1.com https://www.facebook.com/tr/ https://www.google.co.uk/ads https://www.google.co.uk/ads/ https://www.google.co.uk/pagead/ https://www.google.com/ads/ https://www.google.com/pagead/ https://www.googleadservices.com https://www.ist-track.com https://ct.pinterest.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://insights.algolia.io https://*.yotpo.com https://*.afterpay.com https://*.optimizely.com https://www.google-analytics.com https://ssl.google-analytics.com http://www.google.com/pagead/ https://aax-eu.amazon-adsystem.com https://ad.doubleclick.net https://analytics.tiktok.com https://api.myunidays.com https://api.uk.exponea.com https://assets.revlifter.io https://bat.bing.com https://cdn.unidays.world https://connect.facebook.net https://d2236hi0n02pja.cloudfront.net/1b36f6d6-438e-4525-9693-177c6f95ad4f.js https://pagead2.googlesyndication.com https://prf.hn/conversion https://revlifter-js.s3-eu-west-1.amazonaws.com https://s.pinimg.com https://sc-static.net https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://static.mention-me.com https://static.trackedweb.net https://tag.mention-me.com https://tpc.googlesyndication.com https://tpc.googlesyndication.com/sodar https://tracking.myunidays.com https://uktc.fospha.com https://www.googleadservices.com https://www.googletagservices.com https://www.ist-track.com; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://*.optimizely.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://tr.snapchat.com https://aax-eu.amazon-adsystem.com https://tmlewin.official-coupons.com https://vars.hotjar.com https://11111698.fls.doubleclick.net; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://www.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://insights.algolia.io https://*.yotpo.com https://*.afterpay.com https://*.optimizely.com https://*.instagram.com https://*.sciencebehindecommerce.com https://api.everythinglocation.com https://stats.g.doubleclick.net https://bat.bing.com https://www.google.com https://www.facebook.com/tr/ https://*.sentry.io https://cp.official-deals.co.uk https://cp.official-coupons.com https://devt.revlifter.com https://analytics.tiktok.com https://in.hotjar.com wss://ws3.hotjar.com https://ws3.hotjar.com https://api.uk.exponea.com https://googleads4.g.doubleclick.net https://ct.pinterest.com; font-src data: www.tmlewin.co.uk https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.yotpo.com https://fonts.gstatic.com; media-src 'self' https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://public-content-store.torque-platform.com/; form-action 'self' https://*.twitter.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.twitter.com https://www.facebook.com/tr/ https://tr.snapchat.com; object-src 'self'; block-all-mixed-content; report-uri https://5ce9a457525b0c6b344093f4321341fa.report-uri.com/r/d/csp/enforce 3 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none';frame-ancestors 'none' 3 frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 3 frame-src 'self' 3 default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * blob: ; object-src * ; child-src * ; frame-src * ; worker-src * blob: ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 3 default-src: https: 'unsafe-inline'; 3 policy-uri /'none' 3 frame-ancestors http://*.thefamilycoppola.com https://*.thefamilycoppola.com; 3 default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-1f99c031-c25f-49a2-a639-7ec0765663bc'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-1f99c031-c25f-49a2-a639-7ec0765663bc'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 3 default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3 frame-ancestors https://*.smartrecruiters.com 3 default-src 'self'; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://www.googletagmanager.com https://*.licdn.com; object-src 'self'; style-src 'self' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io 'unsafe-inline'; img-src *; media-src *; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com; frame-ancestors 'none'; font-src * data:; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg; 3 script-src 'unsafe-inline' 'self' data: 'unsafe-eval' blob: www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com assets.adobedtm.com;frame-src 'self' www.google.com www.googletagmanager.com www.youtube.com 3 default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 3 default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io *.sqat.eu piwik.itzbund.de; frame-ancestors 'self'; 3 default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 3 frame-ancestors *.megabrands.com *.megabloks.com *.megaconstrux.com; frame-src 'self' *.megabrands.com *.brightcove.net *.evidon.com *.truste.com *.trustarc.com *.privo.com *.opinionstage.com 3 default-src https: data: 'unsafe-inline' 3 default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://*.nr-data.net https://*.mk-sense.com https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://analytics.google.com https://adservice.google.com https://*.nr-data.net https://sentry.io https://capture.trackjs.com https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com https://*.filae.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com 3 frame-ancestors 'self' app.contentful.com 3 default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; child-src * blob:; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; worker-src blob:; block-all-mixed-content 3 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.eu *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io *.traderstation-international.com; 3 frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es, script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bol.pt/* maat.pt/* *.gstatic.com *.google.com *.google.pt *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.newrelic.com *.jquery.com *.doubleclick.net *.siteimprove.net *.siteimprove.com *.youtube.com *.youtube-nocookie.com *.cookielaw.org *.facebook.net *.smrk.io unpkg.com *.jsdelivr.net *.cloudflare.com *.newrelic.com *.bol.pt *.rawgit.com *.onetrust.com *.nr-data.net *.highcharts.com *.recaptcha.net *.edp.com *.edpr.com *.e-redes.pt opendata.online.e-redes.pt *.appspot.com *.dig.corp.edp.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es, frame-ancestors 'self' *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es, child-src 'self' 'unsafe-eval' 'unsafe-inline' *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.bol.pt/* *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com ir.tools.investis.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es, report-uri /report-csp-violation, upgrade-insecure-requests 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' 3 default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.googleapis.com ajax.aspnetcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com *.fontawesome.com *.crowdriff.com *.sa-as.com *.licdn.com *.facebook.net *.googleadservices.com siteimproveanalytics.com *.doubleclick.net *.adnxs.com;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' iowa.gov *.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.typekit.net *.fontawesome.com *.crowdriff.com;img-src 'self' data: localhost:* localtest.com:* *.jquery.com *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.crowdriff.com *.cloudfront.net *.doubleclick.net *.arrivalist.com *.google.com *.sa-as.com *.adnxs.com *.siteimproveanalytics.io *.linkedin.com *.facebook.com *.adsymptotic.com *.ytimg.com *.google.ca *.googletagmanager.com;media-src *.spindustry.com;frame-src *.spindustry.com *.google.com *.youtube.com *.facebook.com *.doubleclick.net *.moz.com;font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.typekit.net *.fontawesome.com;connect-src 'self' *.spindustry.com *.crowdriff.com *.fontawesome.com *.doubleclick.net *.google-analytics.com *.facebook.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com;form-action 'self' *.spindustry.com *.facebook.net *.facebook.com;frame-ancestors *.spindustry.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true 3 frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleoptimize.com app.link cdn.branch.io beacon.riskified.com tags.tiqcdn.com cdn-akamai.mookie1.com *.firebaseio.com h.online-metrix.net *.twitter.com static.ads-twitter.com *.googletagservices.com bam.nr-data.net *.doubleclick.net evbk.gamooga.com maxcdn.bootstrapcdn.com *.google.com cdn.jsdelivr.net sslwidget.criteo.com static.criteo.net cdn.mouseflow.com bat.bing.com maps.googleapis.com ae.gsecondscreen.com sg-pl.vizury.com cdnjs.cloudflare.com cdn-jp.gsecondscreen.com adservice.google.co.in ssl.google-analytics.com pagead2.googlesyndication.com www.google-analytics.com cdn.sessionstack.com www.googletagmanager.com connect.facebook.net *.googleadservices.com *.rdbuz.com *.redbus.in www.gstatic.com; img-src 'self' data: blob: i.ytimg.com img.riskified.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com maps.gstatic.com maps.googleapis.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net bat.bing.com www.google.co.in evbk.gamooga.com *.redbus.in cdn-jp.gsecondscreen.com *.google.com www.google-analytics.com ssl.google-analytics.com *.facebook.com *.rdbuz.com cdn-jp.gsecondscreen.com api.midtrans.com www.glassdoor.co.in; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' covid-19.riskline.com covid19-riskline.com www.youtube-nocookie.com https://*.firebaseapp.com https://*.firebaseio.com https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://*.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://*.facebook.com https://www.youtube.com https://dis.as.criteo.com; object-src 'self'; connect-src 'self' gsecondscreen.com *.gsecondscreen.com *.gamooga.com api2.branch.io wss://rbpub.redbus.com *.googleapis.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com wss://*.gamooga.com www.google-analytics.com graph.facebook.com accounts.google.com 3 frame-ancestors *.uninassau.edu.br *.uninabuco.edu.br *.sereducacional.com *.sereduc.com *.leiaja.com *.ung.br *.unama.br *.univeritas.com *.uninorte.com.br *.blackboard.com http://*.joaquimnabuco.edu.br http://*.unama.br *.gokursos.com *.ig.com.br http://*.ung.br *.uninassau.digital *.unama.digital *.univeritas.digital *.uninorte.digital *.uninabuco.digital *.facimed.edu.br *.unifacimed.digital *.unijuazeiro.edu.br *.fasb.edu.br *.unescnet.br; 3 frame-ancestors 'self' www.lgechat.com www.group-digital.fr; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net *.googletagmanager.com tagmanager.google.com www.gstatic.com *.google-analytics.com www.googleadservices.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io connect.facebook.net *.blueconic.net knltb.sb.blueconic.net service.force.com *.salesforceliveagent.com *.googleapis.com knltb.my.salesforce.com knltb.secure.force.com ajax.aspnetcdn.com *.cloudfront.net www.instagram.com www.mollie.com *.youtube.com *.ytimg.com *.newrelic.com *.nr-data.net *.g.doubleclick.net snap.licdn.com *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net tagmanager.google.com fonts.googleapis.com service.force.com knltb.secure.force.com *.cloudfront.net www.mollie.com p.typekit.net *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: dashboard.umbraco.org our.umbraco.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io www.facebook.com *.ytimg.com *.googleapis.com *.gstatic.com *.blueconic.net stats.g.doubleclick.net *.persgroep.net *.google.nl i.ytimg.com *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; connect-src 'self' 'unsafe-eval' 'unsafe-inline' our.umbraco.com tagmanager.google.com www.google-analytics.com *.hotjar.com:* *.hotjar.io *.blueconic.net knltb.sb.blueconic.net service.force.com knltb.secure.force.com homerun.co *.nr-data.net stats.g.doubleclick.net i.ytimg.com p.typekit.net use.typekit.net maps.googleapis.com www.googletagmanager.com maps.gstatic.com www.instagram.com www.sfdcstatic.com *.cloudfront.net *.salesforceliveagent.com *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; frame-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.youtube.com bid.g.doubleclick.net *.hotjar.com *.hotjar.io service.force.com www.facebook.com widgets.knltb.club www.instagram.com www.mollie.com nlpadel.meshlink.nl m.facebook.com crionet-ms-widgets.azurewebsites.net *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.blueconic.net service.force.com knltb.secure.force.com *.cloudfront.net p.typekit.net *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: fonts.gstatic.com *.hotjar.com *.hotjar.io *.sfdcstatic.com use.typekit.net *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.hotjar.io *.youtube.com *.blueconic.net knltb.sb.blueconic.net *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net knltb.sb.blueconic.net *.tennis.nl *.nlpadel.nl *.centrecourt.nl *.knltb.nl; block-all-mixed-content; 3 frame-ancestors 'self' groupebpce.com *.groupebpce.com; 3 frame-ancestors 'self' https://*.ariba.com https://fswlcdcqvm01.nyumc.org:8071 https://peoplesoftfscm.nyumc.org https://fswlcdcpvm01.nyumc.org:8236 3 object-src 'self'; base-uri 'self'; frame-ancestors 'self'; default-src blob: https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.werkzoeken.nl https://*.technicus.nl https://vars.hotjar.com https://accounts.google.com https://www.youtube.com https://www.facebook.com https://docs.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl; script-src 'self' 'unsafe-inline' blob: https://bat.bing.com https://ajax.cloudflare.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.licdn.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://*.doubleclick.net https://*.twitter.com https://*.ads-twitter.com https://*.linkedin.com https://www.gstatic.com https://js.live.net https://www.google-analytics.com https://sjs.bizographics.com https://connect.facebook.net https://www.dropbox.com https://apis.google.com; connect-src 'self' https://api.maptiler.com https://*.microsoft.com https://*.hotjar.io https://*.hotjar.com https://www.facebook.com https://*.doubleclick.net https://*.zdassets.com https://www.google-analytics.com wss://*.hotjar.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io; frame-src 'self' https://*.google.com/ https://www.youtube.com https://vars.hotjar.com; font-src 'self' data: https://*.werkzoeken.nl https://*.vacaturesonline.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.hotjar.com https://fonts.gstatic.com https://*.zopim.com; img-src 'self' blob: data: https://bat.bing.com https://script.hotjar.com https://*.linkedin.com https://*.werkzoeken.nl https://*.technicus.nl https://v2assets.zopim.io https://*.vacaturesonline.nl https://*.ictergezocht.nl https://maps.gstatic.com https://*.zopim.com https://maps.googleapis.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://*.doubleclick.net; 3 default-src 'none'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vimeo.com/api/v2/video https://*.vimeo.com https://*.zorgvoorbeter.nl https://*.kennispleingehandicaptensector.nl https://apps.elfsight.com https://*.vo.msecnd.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://*.blueconic.net https://*.hotjar.com https://*.hotjar.io https://extend.vimeocdn.com https://www.google-analytics.com https://js.driftt.com https://connect.facebook.net https://www.youtube.com https://*.ytimg.com https://*.bizographics.com https://*.linkedin.com https://*.licdn.com; connect-src 'self' https://vimeo.com https://*.vimeo.com https://dc.services.visualstudio.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.blueconic.net https://api.ipify.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://i.vimeocdn.com https://i.ytimg.com https://i.ytimg.com https://img.youtube.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.vilans.nl https://*.blueconic.net https://*.linkedin.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net; frame-src 'self' https://w.soundcloud.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.google.com https://www.facebook.com https://js.driftt.com https://*.hotjar.com https://www.veiligheid.nl; frame-ancestors 'self'; object-src 'self'; 3 upgrade-insecure-requests; frame-ancestors 'self'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.google.com.au *.google.ca *.gstatic.com *.google-analytics.com *.googleadservices.com *.pingdom.net js.hs-analytics.net *.cloudfront.net js-agent.newrelic.com *.doubleclick.net *.nr-data.net *.mastersoftgroup.com *.quantserve.com *.idmanagedsolutions.com *.addthis.com *.xg4ken.com *.lightboxcdn.com *.brightcove.net *.youtube.com player.vimeo.com *.cloudflare.com *.onmodulus.net *.bootstrapcdn.com *.tradingroom.com.au *.services.visualstudio.com *.azurewebsites.net *.windows.net *.msecnd.net *.bing.com is-ff-cdn-www.azureedge.net is-gb-cdn-www.azureedge.net is-rs-cdn-www.azureedge.net is-pz-cdn-www.azureedge.net is-ct-cdn-www.azureedge.net is-jw-cdn-www.azureedge.net is-develop-cdn-www.azureedge.net is-uat-cdn-www.azureedge.net is-master-stg-cdn-www.azureedge.net *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.yourshare.com.au image.mail.eurekareport.com.au ii-uploads.s3.amazonaws.com *.intercom.io wss://*.intercom.io *.intercom.com *.intercomcdn.com *.intercomassets.com intercom-sheets.com dnn506yrbagrg.cloudfront.net/pages/scripts/0018/4016.js *.crazyegg.com s3.amazonaws.com/trk.cetrk.com/ gtrk.s3.amazonaws.com *.disqus.com disqus.com *.disquscdn *.disquscdn.com *.typekit.net pub.s7.exacttarget.com cl.s7.exct.net *.coveritlive.com *.segment.com *.segment.io *.kissmetrics.com https://pixel.tapad.com *.adsrvr.org *.quantcount.com *.dianomi.com *.jquery.com cdn.jsdelivr.net *.highcharts.com *.mypropertytools.com.au *.static.omnilife.com.au static.omnilife.com.au outlook.office365.com placehold.it placeholdit.imgix.net fakeimg.pl fullstory.com *.fullstory.com *.facebook.net *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.mixpanel.com *.mxpnl.com *.bugherd.com *.bugsnag.com https://omny.fm/ marketo.net *.marketo.net *.mktoresp.com app-sn04.marketo.com *.dacast.com *.viglink.com *.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com *.bloomberg.com *.afr.com *.2gb.com *.forbes.com *.smh.com.au *.economist.com *.asx.com.au *.abc.net.au *.skynews.com.au *.theaustralian.com.au *.seniorsnews.com.au *.appcues.com *.firebaseio.com *.firebase.com appcues-quickstart.s3-us-west-2.amazonaws.com *.cloudinary.com *.appcues.net appcues-content-api-prod.herokuapp.com nh436jpc4i.execute-api.us-west-2.amazonaws.com 104cl9psz3.execute-api.us-west-2.amazonaws.com wss://api.appcues.net wss://*.firebaseio.com cdn.jsdelivr.net calendly.com *.calendly.com https://portal.ttds.com.au/ http://thetermdepositshop.com.au/ *.inspectlet.com https://*.buzzsprout.com www.buzzsprout.com *.imgix.net vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com *.zoho.com abr.business.gov.au https://www.googleoptimize.com *.rlets.com *.gannettdigital.com *.reachlocalservices.com 3 frame-ancestors DENY 3 frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 3 frame-ancestors 'self' ; report-uri /error/csp/ 3 frame-ancestors 'self' *.oldmutualwealth.co.uk 3 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.pfsweb.com https://*.pfscommerce.com https://*.liveareacx.com https://cdn.cookielaw.org https://script.crazyegg.com https://*.googletagmanager.com https://fonts.googleapis.com https://s.swiftypecdn.com https://*.gstatic.com https://*.zoominfo.com https://js.hs-scripts.com https://*.youtube.com https://*.visitor-track.com https://*.licdn.com https://*.facebook.net https://*.sumo.com https://*.doubleclick.net https://*.vimeo.com https://boards.greenhouse.io https://*.greenhouse.io https://*.google-analytics.com https://*.googleadservices.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://sumo.com https://*.googleapis.com https://forms.hubspot.com https://*.bootstrapcdn.com https://wufoo.com https://*.wufoo.com https://*.hubapi.com https://*.hsforms.net https://*.hsforms.com https://*.s3.amazonaws.com https://*.google.com https://graph.facebook.com https://*.swiftype.com; img-src * 'self' data:; report-uri https://pfsweb.report-uri.com/r/d/csp/wizard 3 default-src 'self' https://tribeca.vidavee.com https://img.youtube.com http://business.twitter.com https://analytics.twitter.com http://ad.doubleclick.net http://*.fls.doubleclick.net https://googleads.g.doubleclick.net http://pixel.facebook.com https://www.facebook.com/tr/ http://dc.ads.linkedin.com https://px.ads.linkedin.com https://client.demdex.net https://dpm.demdex.net/ https://cdn.krxd.net/ https://beacon.krxd.net http://bs.serving-sys.com https://googleads.g.doubleclick.net https://assets.adobedtm.com https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://tribeca.vidavee.com https://img.youtube.com https://www.homeloans1.standardbank.co.za https://googleads.g.doubleclick.net https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tribeca.vidavee.com https://img.youtube.com https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://tribeca.vidavee.com https://img.youtube.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-ancestors 'self'; 3 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 3 frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 3 default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ; report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 3 frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 3 frame-ancestors 'self' *.ioburo.fr *.alkor-groupe.com *.majuscule.fr *.burolike.com *.officedepot.fr; 3 frame-ancestors 'self' app.storyblok.com *.omappapi.com *.optinmonster.com ; 3 frame-ancestors https://www.xing-news.com https://xing-news.com; 3 default-src 'self' *.sysnet.ie *.sysnetgs.com player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.boldchat.com; connect-src 'self' assurance.sysnetgs.com *.boldchat.com www.google-analytics.com *.demdex.net; img-src 'self' data: us01-prod-sair-static-assets.s3.amazonaws.com eu01-prod-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-itops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-bau-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-devops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-dev-sair-static-assets.s3-eu-west-1.amazonaws.com adservice.google.com images.boldchat.com *.sysnet.ie www.google-analytics.com *.demdex.net ad.doubleclick.net stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.net; font-src 'self' data: fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' iscan: data: blob: *.sysnetgs.com *.vimeo.com *.boldchat.com; 3 default-src 'self' https: *.webtrekk.net; img-src 'self' data: https: *.t-systems-mms.com *.webtrekk.net www.facebook.com *.rexx-systems.com *.landbot.io storage.googleapis.com *.webtrekk.net; media-src 'self'; style-src 'self' 'unsafe-inline' blob: https:; font-src 'self' https: player.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.t-systems-mms.com platform.twitter.com connect.facebook.net *.webtrekk.net *.rexx-systems.com static.landbot.io *.yumpu.com *.facebook.net cdn.podigee.com; connect-src 'self' https: *.t-systems-mms.com *.webtrekk.net landbot.io; object-src https: 'self'; frame-ancestors https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de; frame-src https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de platform.twitter.com *.mmsupgradework.dmkdev *.mms-plattform.de player.vimeo.com landbot.io www.yumpu.com; 3 default-src 'self' http: https: ws: wss: *.vimeo.com *.google-analytics.com *.membogo.com js-agent.newrelic.com *.zopim.com https://bam.nr-data.net fonts.googleapis.com *.hpjcc.com *.googleapis.com fonts.gstatic.com *.addthis.com *.addthisedge.com *.nr-data.net 'unsafe-eval' 'self' 'unsafe-inline' data: ; img-src 'self' https: data: blob: ; worker-src 'self' https: blob: ; child-src 'self' https: blob: ; 3 font-src maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com https://www.youtube.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.magezon.com quickchart.io *.cloudflare.com https://cdn.klarna.com data: https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.google.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 3 default-src 'self' s3.amazonaws.com www.youtube.com csi.gstatic.com *;frame-src 'self' optimize.google.com *;worker-src 'self';connect-src 'self' *;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com www.tinymce.com use.fontawesome.com;img-src 'self' 'unsafe-inline' data: blob: *;manifest-src 'self';media-src 'self' s3.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagservices.com www.google-analytics.com securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com 7233492.collect.igodigital.com optimize.google.com images.ahpc.us www.googletagmanager.com * blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com *;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;block-all-mixed-content;upgrade-insecure-requests; 3 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * data: https://* 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ;frame-ancestors 'self'; style-src * data: https://* 'unsafe-inline'; 3 default-src 'self' *.myyellow.com https:; script-src 'self' https://assets.adobedtm.com https://www.google-analytics.com https://www.google.com https://www.youtube.com https://www.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline'; form-action 'self' *.salesforce.com *.myyellow.com https:; frame-ancestors 'self' 3 frame-ancestors 'self' versatilecredit.com *.versatilecredit.com versatilesmartsign.com *.versatilesmartsign.com; 3 frame-ancestors 'self' *.efax.co.uk *.efax.de *.efax.es *.efax.nl *.efax.com *.efax.fr 3 frame-ancestors 'self' https://*.toyota.eu https://*.lexus.eu; 3 default-src 'self' *.kinandcarta.com *.kinandcarta.local;script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kinandcarta.com https://www.google-analytics.com https://www.google.com *.googleapis.com https://www.googletagmanager.com/ https://www.youtube.com/ https://kinandcarta.activehosted.com/ https://d3rxaij56vjege.cloudfront.net/ https://static.elfsight.com/ https://apps.elfsight.com/ https://files.elfsight.com/ https://trackcmp.net/ https://edge.fullstory.com/ https://script.hotjar.com/ https://prism.app-us1.com/ https://j.6sc.co https://snap.licdn.com https://diffuser-cdn.app-us1.com https://tracker.metricool.com *.usabilla.com https://cdn.metarouter.io https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://cookie-cdn.cookiepro.com/ https://cse.google.com/ https://geolocation.onetrust.com/ https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js https://www.gstatic.com https://www.clarity.ms https://cdn.optimizely.com https://*.linkedin.com https://*.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://*.vimeocdn.com https://vimeo.com data:;style-src 'unsafe-inline' 'self' *.kinandcarta.com https://fonts.googleapis.com https://www.google.com/ *.cloudfront.net;font-src 'self' *.kinandcarta.com https://fonts.gstatic.com/ data:;frame-src https://www.facebook.com/ https://www.youtube.com/ https://docs.google.com/ https://player.vimeo.com/ https://omny.fm https://www.google.com/ https://vars.hotjar.com/ *.kinandcarta.com *.cdn.optimizely.com https://boards.greenhouse.io;img-src 'self' *.kinandcarta.com https://px.ads.linkedin.com https://b.6sc.co/ https://tracker.metricool.com https://www.googleapis.com/ https://www.facebook.com/ https://www.googletagmanager.com https://www.google.com/ https://www.google.co.uk/ https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com *.cloudfront.net https://*.linkedin.com https://*.doubleclick.net http://clients1.google.com/ *.usabilla.com https://files.elfsightcdn.com/ https://files.elfsight.com https://c.clarity.ms data:;connect-src 'self' https://cookie-cdn.cookiepro.com/ https://secure.adnxs.com/ https://secure.adnxs.com https://apps.elfsight.com/ https://epsilon.6sense.com wss://*.hotjar.com https://rs.fullstory.com https://e.metarouter.io/ https://in.hotjar.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://privacyportal.cookiepro.com/request/v1/consentreceipts https://c.6sc.co/ https://boards-api.greenhouse.io/ https://vc.hotjar.io *.hotjar.com https://www.clarity.ms https://player.vimeo.com/ https://cdn.optimizely.com https://logx.optimizely.com https://api.usabilla.com https://*.linkedin.com https://*.doubleclick.net;worker-src 'self';media-src https://player.vimeo.com/ https://vod-progressive.akamaized.net/ https://files.elfsightcdn.com/ https://files.elfsight.com;object-src 'self'; 3 frame-ancestors 'self' https://www.miracomohacerlo.com; 3 frame-ancestors *; report-uri https://www.tidalhealth.org/report-uri/enforce 3 default-src *; connect-src *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /security-report.php 3 frame-ancestors 'self' https://commerceinsights.ibmcloud.com 3 default-src 'self' ; connect-src 'self' https://www.google-analytics.com https://api.curator.io https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://talentforjobs.com https://cdn.curator.io https://www.auchan-retail.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://authedmine.com https://ssl.google-analytics.com https://ajax.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com;img-src 'self' https://cdn.cookielaw.org https://img.bfmtv.com https://bfmbusiness.bfmtv.com https://images.auchan.ro https://talentforjobs.com https://curatorio.s3.amazonaws.com https://*.uecdn.es https://www.google.com https://www.instagram.com https://*.curator.io https://www.googletagmanager.com https://www.auchan-retail.com http://pbs.twimg.com https://pbs.twimg.com https://image-store.slidesharecdn.com https://i.ytimg.com https://*.licdn.com https://*.ggpht.com https://*.fbcdn.net https://*.twimg.com https://*.cdninstagram.com https://*.googleusercontent.com https://secure.gravatar.com https://ps.w.org https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://secure.gravatar.com https://ssl.google-analytics.com data:;style-src 'self' 'unsafe-inline' data: https://talentforjobs.com https://cdn.curator.io https://www.auchan-retail.com https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.curator.io https://www.auchan-retail.com https://themes.googleusercontent.com https://fonts.gstatic.com data:; child-src https://talentforjobs.com https://www.auchan-retail.com https://www.youtube.com https://indd.adobe.com https://player.vimeo.com https://www.youtu.be; media-src 'self' https://www.instagram.com https://dms.licdn.com https://www.youtu.be https://www.youtube.com https://www.auchan-retail.com https://www.youtube.com https://video.twimg.com https://*.cdninstagram.com; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; 3 script-src * 'unsafe-inline' 'unsafe-eval'; 3 'self'; 3 default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src * 'self' data: 3 media-src * 3 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src data: *; font-src data: *; media-src * blob:; object-src https://jay-marketplace.azureedge.net/; worker-src 'none'; child-src 'self'; frame-src *; frame-ancestors 'self'; form-action 'self' forms.hsforms.com *.tfaforms.com *.eloqua.com; block-all-mixed-content; upgrade-insecure-requests; 3 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; frame-ancestors 'self' nvidia.lookbookhq.com nvidia.pathfactory.com resources.nvidia.com www.nvidia.com www.nvidia.cn preview.nvidia.com; report-uri https://nvidia.report-uri.com/r/d/csp/wizard 3 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' marketing.myresman.com; report-uri /report-violation 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 3 default-src 'self' https:;object-src 'none';img-src 'self' https: data: blob:;font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self' https://dev-nomadfoods.cs89.force.com https://contactus.birdseye.co.uk https://nomad-foods.force.com https://nomadfoods.force.com https://nomadfoods.my.salesforce.com https://nomad-foods.secure.force.com; child-src 'self' https: blob: 3 frame-ancestors 'self' https://*.epublishmerck.com https://*.epublishorganon.com https://*.facebook.com https://sandbox.oncologynation.com http://sandbox.pathologistconnect.com https://pathologistconnect.com https://*merck-develop.go-vip.co* https://*merck-preprod.go-vip.co*; 3 frame-ancestors 'self' https://gattaca-helix.my.salesforce.com/ 3 frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com 3 frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 3 upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://api.autopilothq.com https://apenterprise.io https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://apenterprise.io https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl argeweb.netwerkstatus.nl https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://api.autopilothq.com https://apenterprise.io; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 3 default-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.bunrattycastle.ie https://www.craggaunowen.ie https://www.dunguairecastle.com https://www.gpowitnesshistory.ie https://www.kingjohnscastle.com https://www.knappoguecastle.ie https://www.malahidecastleandgardens.ie https://www.newbridgehouseandfarm.com https://www.shannonheritage.com https://www.modelrailwaymuseum.ie data: https://*.facebook.net https://*.facebook.com https://*.hotjar.com https://*.bing.com https://*.typekit.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://*.crazyegg.com https://*.youtube.com https://*.youtu.be https://youtu.be https://cookie-cdn.cookiepro.com https://*.instagram.com https://*.cdninstagram.com; 3 frame-ancestors 'self' piwik.betaalvereniging.nl; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com tag.manager.google.com tagmanager.google.com/ https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.sift.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://maps.googleapis.com https://widget.trustpilot.com https://hexagon-analytics.com http://bat.bing.com http://*.taboola.com https://*.taboola.com https://test.dekopay.com https://secure.dekopay.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://*.youtube.com http://*.youtube.com https://s.ytimg.com https://static.doubleclick.net https://connect.facebook.net https://www.dwin1.com http://*.scarabresearch.com https://*.scarabresearch.com https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://trck.spoteffects.net https://googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com; img-src 'self' data: * blob: * https://ssl.gstatic.com/ https://hexagon-analytics.com http://cdn.taboola.com https://cdn.taboola.com http://bat.bing.com https://bat.bing.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://tagmanager.google.com www.googletagmanager.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com; font-src 'self' https://themes.googleusercontent.com data: * https://fonts.gstatic.com http://fonts.gstatic.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com; frame-src 'self' https: https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ http://widget.trustpilot.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net https://connect.facebook.net https://*.sift.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: https://www.google-analytics.com https://analytics.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://api.trustedshops.com https://hexagon-analytics.com http://bat.bing.com https://bat.bing.com http://*.taboola.com https://*.taboola.com https://ctx-nsp-sell-watches-dev.s3.eu-west-1.amazonaws.com https://ctx-nsp-sell-watches.s3.eu-central-1.amazonaws.com https://*.g.doubleclick.net https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.hotjar.com/ https://*.hotjar.io/ https://static.zipmoney.com.au https://static.zdassets.com https://kreditrechner-long-test.creditplus.de https://kess.creditplus.de https://j4s6cgablv-dsn.algolia.net https://cdn.contentful.com https://connect.facebook.net https://*.sift.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.emarsys.net https://*.scarabresearch.com https://*.execute-api.eu-central-1.amazonaws.com https://pricing-engine.ful.chronext.com 3 child-src 'self' www.google.com player.vimeo.com s7.addthis.com www.youtube.com *.webspellchecker.net platform.twitter.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.twitter.com cdn.syndication.twimg.com www.gstatic.com www.google.com fast.fonts.net m.addthisedge.com m.addthis.com s7.addthis.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com maps.googleapis.com *.webspellchecker.net www.linkedin.com www.gstatic.com graph.facebook.com v1.addthisedge.com ; frame-src 'self' live.opentracking.co.uk www.strava.com datastudio.google.com platform.twitter.com player.vimeo.com www.google.com *.das.co.uk s7.addthis.com cdn.yoshki.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://policy.privacyandcookies.eu/ https://players.brightcove.net https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net; frame-ancestors 'self'; img-src 'self' https://www.msd-animal-health.com https://secure.gravatar.com https://www.google-analytics.com/ https://*.brightcove.com https://cdn.cookielaw.org https://policy.privacyandcookies.eu data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types default; 3 frame-ancestors 'self' https://*.etracker.com; 3 default-src 'self'; img-src 'self' data: http: https: *.gravatar.com *.wp.com *.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.wp.com *.wordpress.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com *.wp.com *.wordpress.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com *.wp.com *.wordpress.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.wp.com *.wordpress.com 3 frame-src *; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 3 upgrade-insecure-requests; connect-src 'self' *.siteimprove.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee *.fbcdn.net *.cdninstagram.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://vv.riigikantselei.ee https://riigikantselei.ee https://www.riigikantselei.ee cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://vv.riigikantselei.ee https://docs.google.com https://vv.riigikantselei.ee/et/kontakt https://riigikantselei.ee https://www.riigikantselei.ee cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' https://www.gstatic.com https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com 'unsafe-inline'; frame-ancestors 'self' https://vv.riigikantselei.ee https://docs.google.com https://riigikantselei.ee https://www.riigikantselei.ee; report-uri https://riigikantselei.ee/report-uri/enforce 3 default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/enforce 3 report-uri /csp-hotline.php; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com http://tomsk.effad.ru *.effad.ru effad.ru *.me-talk.ru disgusting.ru https://api-maps.yandex.ru *.yandex.net yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com https://d3js.org; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000 https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://www.google.com https://fonts.googleapis.com; 3 default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 3 default-src 'self' *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 3 frame-ancestors 'self' http://www.mobility-room.com:3000 http://mobility-room.com:3000; 3 frame-ancestors 'self' *.epublishmerck.com facebook.com; 3 base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 3 frame-ancestors 'self' https://*.b2bmit.com https://*.gocatalogs.com; 3 default-src 'self' static.mycity.travel static.j3l.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 3 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 3 default-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; script-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; font-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; img-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; child-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline' 3 media-src 'self' *.ebaystatic.com; font-src 'self' *.ebaystatic.com 3 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://popupmaker.com https://*.googletagmanager.com https://*.bronto.com wss://*.hotjar.com https://snapwidget.com https://*.nr-data.net https://*.newrelic.com https://*.calendly.com https://*.flodesk.com https://*.getsitecontrol.com https://*.sharethis.com https://*.vistag.com https://*.privy.com https://*.zopim.com https://*.zdassets.com *.mailchimp.com *.hotjar.com http://localhost:* https://*.powr.io https://*.tawk.to https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com *.fonts.net/ http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com *.googleapis.com/ https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net *.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ *.segment.com/ https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com *.driftt.com *.tokenex.com https://browser.sentry-cdn.com https://js.sentry-cdn.com *.smartlook.cloud *.hsadspixel.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-banner.com https://*.doubleclick.net https://*.localizecdn.com;object-src 'self' https://repzio-azurefunctions-pdfgenerator.azurewebsites.net;style-src 'self' 'unsafe-inline' https://popupmaker.com https://*.privy.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.fonts.net https://fonts.googleapis.com http://cdn.datatables.net https://cdn-images.mailchimp.com https://use.fontawesome.com https://translate.googleapis.com;img-src 'self' https://snapwidget.com https://popupmaker.com https://google-analytics.com https://*.sharethis.com https://*.privy.com https://privymktg.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com https://salesrepimages.s3.amazonaws.com *.fonts.net/ https://p.typekit.net https://*.localizecdn.com;media-src 'self' https://*.privy.com https://*.zdassets.com https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com;frame-src https://*.captur3d.io/ https://*.matterport.com/ https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://snapwidget.com https://*.aftermkt.com https://popupmaker.com https://momento360.com https://calendly.com https://kuula.co https://*.activemerchandiser.com https://*.hotjar.com https://c.sharethis.mgr.consensu.org https://*.sharethis.com https://*.privy.com *.list-manage.com/ *.driftt.com https://*.tawk.to https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com https://repzio-azurefunctions-pdfgenerator.azurewebsites.net *.tokenex.com/;font-src 'self' https://b2bbucket.s3.amazonaws.com https://*.vistag.com https://*.privy.com https://*.zdassets.com https://*.tawk.to https://cdn.lightwidget.com https://cdn.joinhoney.com data: *.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com;connect-src 'self' https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://popupmaker.com https://*.popupmaker.com https://*.flodesk.com https://*.getsitecontrol.com *.hotjar.com https://*.sharethis.com https://*.vistag.com https://*.privy.com ws://*.zopim.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com ws://*.tawk.to https://*.tawk.to https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net https://repzio.azure-api.net https://performance.typekit.net https://tearsheetsgeneration.blob.core.windows.net *.sentry.io *.smartlook.cloud *.hsadspixel.net https://*.amazonaws.com https://*.localizecdn.com;report-uri /WebResource.axd?cspReport=true 3 default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 3 block-all-mixed-content; report-uri /v1/csplog 3 default-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://cdn1.readspeaker.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://f1-eu.readspeaker.com https://monitoring.echobot.de https://event.beyondwork2020.com https://walls.io https://streaming.talk42.de https://streaming.sendewerk.berlin/ https://stream.zukunftsarena.de/ https://www.berufsorientierungsprogramm.de 'unsafe-inline' blob:; img-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://*.tile.openstreetmap.org/ https://api.mapbox.com/ https://www.berufsorientierungsprogramm.de 'unsafe-inline' data:;font-src 'self' data:; 3 frame-ancestors 'self' *.letgroup.com 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline' wss:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 frame-ancestors 'self' facebook.com *.facebook.com 3 default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' 3 default-src 'self'; img-src 'self' *.gstatic.com *.g.doubleclick.net https://bat.bing.com https://cdn.jjkeller.com https://*.livechatinc.com https://www.google.com https://www.google-analytics.com https://app.jjkellerlibrary.com data:; script-src 'self' 'unsafe-inline' https://pureconnect.jjkeller.com *.gstatic.com *.simplemaps.com *.jjkeller.com *.mypureconnect.com *.cloudfront.net *.mypurecloud.com tagmanager.google.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googleapis.com https://*.livechatinc.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://s.ytimg.com https://i.ytimg.com https://www.youtube.com https://static.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' tagmanager.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://db.onlinewebfonts.com https://*.googleusercontent.com https://*.livechatinc.com https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com https://www.pages04.net https://www.youtube.com https://*.livechatinc.com https://bid.g.doubleclick.net https://www.youtube-nocookie.com; connect-src 'self' *.google-analytics.com https://www.google-analytics.com *.jjkeller.com us-street.api.smartystreets.com iw-145-den.us.cscp.hosted-inin.com *.mypurecloud.com; 3 frame-ancestors plaid2016.nationbuilder.com 3 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 3 unsafe-inline 3 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.braintreegateway.com/ https://assets.braintreegateway.com https://api.braintreegateway.com https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://cdn.ckeditor.com/ https://www.google.com/ https://ajax.googleapis.com/ https://s3-us-west-2.amazonaws.com/; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://ajax.googleapis.com/; font-src 'self'; img-src 'self' data: https://cdn.ckeditor.com/ https://code.jquery.com/ https://assets.braintreegateway.com; frame-src 'self' https://www.openstreetmap.org/ https://assets.braintreegateway.com; frame-ancestors 'self'; object-src 'self'; child-src 'self' https://assets.braintreegateway.com; connect-src 'self' https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com 3 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 3 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 3 default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: http://www.cockovnik.cz http://www.vasecocky.cz http://www.lentiamo.cz; frame-ancestors 'self' 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline' 3 default-src 'none'; object-src 'self'; frame-src 'self' *.begabungslotse.de *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' 'unsafe-inline' *.bildung-und-begabung.de; script-src-elem 'self' 'unsafe-inline' *.bildung-und-begabung.de; script-src 'self' 'unsafe-inline' *.bildung-und-begabung.de; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self' *.bildung-und-begabung.de 3 frame-ancestors 'self' https://secure.simplepart.com https://secure.cml.oeconnection.com https://portal.oeconnection.com; 3 default-src 'self' www.youtube.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.googletagmanager.com twitter.com static.queue-it.net p.typekit.net bat.bing.com performance.typekit.net fls.doubleclick.net pixel-a.basis.net ct.pinterest.com googleads.g.doubleclick.net omahapa-preprod.azurewebsites.net siteimproveanalytics.com 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googleadservices.com connect.facebook.net www.googletagmanager.com tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com platform.twitter.com platform.twitter.co www.facebook.com connect.facebook.net facebook.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com www.google-analytics.com stats.g.doubleclick.net optimize.google.com widgets.instantencore.com services.instantencore.com code.jquery.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.googletagmanager.com www.youtube.com twitter.com s.pinimg.com www.googleadservices.com use.typekit.net s.yimg.com static.queue-it.net queue-it.net assets.queue-it.net bat.bing.com performance.typekit.net fls.doubleclick.net pixel-a.basis.net ct.pinterest.com googleads.g.doubleclick.net static.ads-twitter.com sp.analytics.yahoo.com analytics.twitter.com cdnjs.cloudflare.com omahapa-preprod.azurewebsites.net googleads.g.doubleclick.net siteimproveanalytics.com 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googletagmanager.com tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com widgets.instantencore.com services.instantencore.com code.jquery.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com omahapa-preprod.azurewebsites.net tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca optimize.google.com code.jquery.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.typekit.net data: tagmanager.google.com www.googletagmanager.com fonts.googleapis.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.youtube.com p.typekit.net pixel-a.basis.net pixel.sitescout.com stats.g.doubleclick.net bat.bing.com t.co www.google.com ct.pinterest.com googleads.g.doubleclick.net omahapa-preprod.azurewebsites.net 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googletagmanager.com tagmanager.google.com www.googletagmanager.com ssl.gstatic.com lh3.googleusercontent.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.youtube.com widgets.instantencore.com services.instantencore.com s3.amazonaws.com; media-src 'self' data: blob: www.youtube.com o-pa.org www.o-pa.org ticketomaha.com www.ticketomaha.com; frame-src www.youtube.com twitter.com pixel-a.basis.net pixel.sitescout.com fls.doubleclick.net 6899690.fls.doubleclick.net bid.g.doubleclick.net 8071554.fls.doubleclick.net www.google.com 8093096.fls.doubleclick.net omahapa-preprod.azurewebsites.net ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net bi.capacityinteractive.com capacityinteractive.com platform.twitter.com platform.twitter.co www.facebook.com connect.facebook.net facebook.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com code.jquery.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net s.yimg.com ct.pinterest.com performance.typekit.net omahapa-preprod.azurewebsites.net bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com stats.g.doubleclick.net www.google-analytics.com optimize.google.com code.jquery.com; 3 default-src 'self'; script-src 'self' eemsdelta.matomo.cloud 'nonce-T0RWaU9XSmtNMlU0WkROak0yRms=' https://unpkg.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' https://cdn.jsdelivr.net 'sha256-g3cA2hW9vt0d8Kys2VzBTv1trUIFM0n6GRws71pB9hc='; img-src 'self' data: eemsdelta.matomo.cloud; media-src 'self'; frame-src 'self' *.youtube.com https://geo-dal.maps.arcgis.com/ https://geo-eemsdelta.maps.arcgis.com/ https://www.toegankelijkheidsverklaring.nl/ *.youtube-nocookie.com; frame-ancestors 'self' eemsdelta.matomo.cloud; child-src 'self' *.youtube.com *.youtube-nocookie.com; font-src 'self' data: *.googleusercontent.com; connect-src 'self' eemsdelta.matomo.cloud; report-uri /report-csp-violation 3 default-src https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.eventplanner.net *.eventplanner.be *.eventplanner.nl *.eventplanner.fr *.eventplanner.de *.eventplanner.es *.eventplanner.co.uk *.eventplanner.ie *.pinkminds.tv *.stripe.com *.facebook.net *.facebook.com *.google.com *.google.be *.google.it *.google.es *.google.fr *.google.de *.google.it *.google.co.uk *.google.ie *.googletagservices.com *.gstatic.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.googletagmanager.com *.ampproject.org *.googlesyndication.com *.freshchat.com *.licdn.com *.instagram.com *.twitter.com; font-src 'self' 'unsafe-inline' data: *.eventplanner.net *.eventplanner.be *.eventplanner.nl *.eventplanner.fr *.eventplanner.de *.eventplanner.es *.eventplanner.co.uk *.eventplanner.ie *.pinkminds.tv *.gstatic.com *.instagram.com; img-src http: https: blob: data:; style-src 'self' 'unsafe-inline' *.eventplanner.net *.eventplanner.be *.eventplanner.nl *.eventplanner.fr *.eventplanner.de *.eventplanner.es *.eventplanner.co.uk *.eventplanner.ie *.pinkminds.tv *.freshchat.com *.gstatic.com *.googleapis.com; child-src 'self' blob: *.eventplanner.net *.eventplanner.be *.eventplanner.nl *.eventplanner.fr *.eventplanner.de *.eventplanner.es *.eventplanner.co.uk *.eventplanner.ie *.eventplanner.tv *.pinkminds.tv *.stripe.com *.facebook.net *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.google.be *.google.it *.google.es *.google.fr *.google.de *.google.it *.google.co.uk *.google.ie *.googlesyndication.com *.doubleclick.net *.freshchat.com; frame-ancestors 'self'; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://translate.google.com/ https://use.typekit.net/ https://www.googleadservices.com/ *.googleapis.com/ *.callrail.com/ *.addthis.com/ https://s7.addthis.com/ *.google-analytics.com/ https://connect.facebook.net/ https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://*.adroll.com/ https://d.adroll.mgr.consensu.org/ https://www.googletagmanager.com/ http://ws.sharethis.com/ https://t.sharethis.com/ https://maps.google.com/ *.calltrk.com https://z.moatads.com/ https://v1.addthisedge.com/ https://*.addthis.com/ https://*.cloudflare.com/ https://cdn.callreports.com/ https://widget.intercom.io/ https://js.intercomcdn.com/ *.fontawesome.com/ *.stripe.com/ *.olark.com/ *.wistia.com/ *.wistia.net/ *.filestackapi.com/ *.bootstrapcdn.com/ *.authorize.net/ https://mkjwebsites.com/ *.app-us1.com/ https://trackcmp.net/ https://code.jquery.com/ *.google.com/ *.gstatic.com/ *.wp.com/ *.sharethis.com/ *.gravatar.com/ https://translate.googleapis.com/ platform.reviewmgr.com/ *.jwpcdn.com/ *.jsdelivr.net/ *.activehosted.com/ *.brandcdn.com/ *.rlets.com/ *.bing.com/ *.simpli.fi/ https://birdeye.com/ *.klaviyo.com/ forms.aweber.com; 3 connect-src * 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 3 default-src data: blob: 'unsafe-inline' 'self' *.domainoo.com 3 default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'none'; 3 default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com ; 2 default-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com player.4am.ch polyfill.io services.arcgis.com www.googleadservices.com assets.sitescdn.net *.nativechat.com *.addthis.com static.hotjar.com app.powerbi.com dc.services.visualstudio.com wabi-north-europe-redirect.analysis.windows.net pbipdfapp.azurewebsites.net content.powerapps.com visuals.azureedge.net gis.azureedge.net pbi.azureedge.net *.who.int m.addthis.com liveapi-cached.yext.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com liveapi.yext.com answers.yext-pixel.com westeurope.tts.speech.microsoft.com wabi-north-europe-redirect.analysis.windows.net pbipdfapp.azurewebsites.net who.cloudflareaccess.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com www.youtube.com cdn.insight.sitefinity.com public.tableau.com *.googleapis.com *.nativechat.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com *.sharethis.com connect.facebook.net ajax.aspnetcdn.com cdnjs.cloudflare.com www.clarity.ms c.clarity.ms https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org s7.addthis.com kendo.cdn.telerik.com www.googletagmanager.com z.moatads.com v1.addthisedge.com cdnjs.cloudflare.com www.who.int polyfill.io kendo.cdn.telerik.com *.googletagmanager.com *.pingdom.net *.jwpcdn.com *.doubleclick.net assets.sitescdn.net whosearch.searchblox.com *.msecnd.net tagmanager.google.com static.hotjar.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com script.hotjar.com assets.pinterest.com apps.who.int m.addthis.com npmcdn.com script.hotjar.com; style-src 'self' 'unsafe-inline' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com *.googleapis.com *.nativechat.com *.sharethis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com cdn.insight.sitefinity.com cdnjs.cloudflare.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com www.who.int player.4am.ch whosearch.searchblox.com tagmanager.google.com; font-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com fonts.gstatic.com kendo.cdn.telerik.com *.nativechat.com *.sharethis.com netdna.bootstrapcdn.com data: use.fontawesome.com www.who.int player.4am.ch whosearch.searchblox.com script.hotjar.com app.powerbi.com pbi.azureedge.net; img-src 'self' data: tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com cdn.insight.sitefinity.com js.arcgis.com *.gstatic.com *.googleapis.com *.nativechat.com *.sharethis.com *.google-analytics.com platform.tumblr.com www.clarity.ms c.clarity.ms web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://apps.who.int https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net *.who.int yt3.ggpht.com i.ytimg.com addthis.com *.googleusercontent.com googletagmanager.com script.hotjar.com www.addthis.com log.pinterest.com whosearch.searchblox.com app.powerbi.com pbi.azureedge.net kendo.cdn.telerik.com; media-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com terrance.who.int data: blob: *.who.int; frame-src 'self' tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com who.maps.arcgis.com player.vimeo.com html5-player.libsyn.com *.nativechat.com public.tableau.com experience.arcgis.com www.facebook.com s7.addthis.com www.youtube.com platform.twitter.com *.who.int *.doubleclick.net docs.google.com syndication.twitter.com *.sitefinity.cloud player.4am.ch *.sharethis.mgr.consensu.org *.google.com vars.hotjar.com youtube-nocookie.com covidfunding.eiu.com staging-dot-eiu-wellcome-7664.nw.r.appspot.com who-covid-answers.int.pagescdn.com who-answers.pagescdn.com assets.pinterest.com www.youtube-nocookie.com vars.hotjar.com app.powerbi.com pbi.azureedge.net wabi-north-europe-g-primary-redirect.analysis.windows.net; frame-ancestors tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com app.powerbi.com pbi.azureedge.net *.who.int; child-src 'self' blob: tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com https://platform.twitter.com/ https://syndication.twitter.com/ *.nativechat.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.who.int; connect-src 'self' frontdoor-l4uikgap6gz3m.azurefd.net geocode.arcgis.com tiles.arcgis.com www.arcgis.com services.arcgis.com static.arcgis.com utility.arcgisonline.com js.arcgis.com stats.g.doubleclick.net accounts.google.com https://*.dec.sitefinity.com *.nativechat.com *.mktoresp.com *.who.int www.clarity.ms c.clarity.ms services.arcgis.com dc.services.visualstudio.com whosearch.searchblox.com *.google-analytics.com smartsuggest.searchblox.com m.addthis.com liveapi-cached.yext.com liveapi.yext.com answers.yext-pixel.com wss://westeurope.tts.speech.microsoft.com in.hotjar.com wss://*.hotjar.com *.hotjar.com vc.hotjar.io app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net; object-src tiles.arcgis.com www.arcgis.com services.arcgis.com utility.arcgisonline.com js.arcgis.com app.powerbi.com pbi.azureedge.net pbipdfapp.azurewebsites.net wabi-north-europe-redirect.analysis.windows.net; 2 frame-ancestors 'self' https://ss.datasconsole.com; 2 frame-ancestors 'self' https://mycourses.w3schools.com; 2 default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.lijit.com https://*.openx.net https://*.aaxads.com https://*.criteo.com https://*.ads-twitter.com https://*.dwin1.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com https://*.iteratehq.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com https://*.amazon-adsystem.com https://*.aaxads.com https://*.iteratehq.com https://iteratehq.com ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2 frame-ancestors *.mediafire.com 2 style-src 'self' 'unsafe-inline' *.gov; 2 upgrade-insecure-requests; frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 2 base-uri 'self'; connect-src * blob: data: ; default-src 'self' *.meetup.com *.dev.meetup.com:8001; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: ;script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; object-src 'none' 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://broadcast.st.dl.bscstorage.net https://broadcast.st.dl.eccdnx.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamvideo-a.akamaihd.net/; frame-src 'self' steam: https://store.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 2 default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://overpass-api.de/api/interpreter https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tileserver.memomaps.de *.openstreetmap.fr piwik.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.apple.com http://*.apple.com https://*.mzstatic.com https://*.apple-mapkit.com https://p-events-delivery.akamaized.net http://p-events-delivery.akamaized.net https://apple-events.akamaized.net https://mediaservices.cdn-apple.com http://mediaservices.cdn-apple.com 2 frame-ancestors 'self' *.wallet.airpay.tw *.airpay.tw *.shopeemobile.com *.shopee.tw *.shopee.cn *.facebook.com; 2 frame-ancestors 'self'; frame-src 'self' https: data: 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.joomla.org https://*.pingdom.net https://*.googleapis.com https://*.doubleclick.net https://*.amazon-adsystem.com https://completion.amazon.com; style-src 'self' 'unsafe-inline' https://*.joomla.org https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com; connect-src 'self' https://*.joomla.org https://hcaptcha.com https://*.hcaptcha.com https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://www.slideshare.net; font-src 'self' https://fonts.gstatic.com https://*.joomla.org; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.googleapis.com https://img.youtube.com https://i1.ytimg.com https://i.ytimg.com https://i9.ytimg.com https://s.ytimg.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://*.assoc-amazon.com https://m.media-amazon.com https://opensourcematters.org https://*.opensourcematters.org; media-src 'self' https://*.googlevideo.com; report-uri https://wwwjorg.report-uri.com/r/t/csp/enforce 2 frame-ancestors *.icann.org 2 default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 2 frame-ancestors 'self' *.indiatimes.com *.idiva.com 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com www.googletagmanager.com www.google-analytics.com *.google.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com;script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com cdn.jsdelivr.net stackpath.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com *.google.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com;img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com;font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.typekit.net;connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com *.doubleclick.net api.lever.co *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app;media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com 2 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 2 frame-ancestors 'self' *.globalsources.com *.asiansources.com *.globalsources.com.hk; 2 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp®ion=US&lang=en-US&device=desktop&partner=att; 2 frame-ancestors https://ads.idntimes.com https://fyi.idntimes.com 2 default-src 'self' ; img-src 'self' https://*.contentsquare.net https://*.lmiutil.com/ https://px.ads.linkedin.com/ https://sp1.convertro.com/api/hit/lastpass/ https://www.google-analytics.com/ https://*.company-target.com/ https://logmeincdn.azureedge.net/ https://*.company-target.com/* https://*.lastpass.com https://lastpass.com https://*.go-mpulse.net https://*.akstat.io/ data: https://*.g2.com https://*.akstat.io/ https://*.go-mpulse.net https://*.company-target.com/* https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com https://*.company-target.com/ https://www07.clicktale.net/ https://lastpass-sc.usva.logmeinx.com/ https://lastpass-sc.usca.logmeinx.com/ https://lastpass-sc.usil.logmeinx.com/ https://lastpass-sc.ustx.logmeinx.com/ https://lastpass-sc.defr.logmeinx.com/ https://lastpass-sc.ukay.logmeinx.com/ https://lastpass-sc-gamma.usca.logmeinx.com/ https://*.logmeinx.com https://d.adroll.com https://secimg.vmmpxl.com https://rs.gwallet.com https://s-cs.send.microad.jp https://pixel.rubiconproject.com https://*.openx.net https://dpm.demdex.net https://ads.yahoo.com https://dsum-sec.casalemedia.com https://simage2.pubmatic.com https://trc.taboola.com https://x.bidswitch.net https://idsync.rlcdn.com https://stags.bluekai.com https://ums.adtechus.com https://io.narrative.io https://atemda.com https://t.brand-server.com https://pixel.quantserve.com; object-src 'self' https://*.akstat.io/ https://*.go-mpulse.net https://*.googlevideo.com https://*.youtube.com https://*.youtube.com https://*.ytimg.com https://*.ytimg.com https://www.google.com https://youtube.googleapis.com; connect-src 'self' https://*.contentsquare.net https://*.cardinalcommerce.com https://*.akstat.io/ https://*.go-mpulse.net https://*.lastpass.com https://lastpass.com wss://*.lastpass.com https://*.optimizely.com https://5399020466.log.optimizely.com https://pollserver.lastpass.com https://loglogin.lastpass.com https://*.clicktale.net https://dc.services.visualstudio.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cardinalcommerce.com https://*.lmiutil.com/ https://logmeincdn.azureedge.net https://fonts.googleapis.com/ https://*.lastpass.com https://lastpass.com https://html-lastpass-develop.azurewebsites.net https://html-lastpass-master.azurewebsites.net; plugin-types application/x-invalid-type application/pdf ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.goto.com/ https://*.cardinalcommerce.com https://cdn.lmiutil.com/ https://*.go-mpulse.net https://cdn.lmiutil.com/lpassets/clicktale/ https://lastpass.com/m.php/quickdl2 https://*.cybersource.com/ https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://logmeincdn.azureedge.net https://cdn.clicktale.net/ https://*.lastpass.com https://lastpass.com https://www.youtube.com https://*.ytimg.com https://cdnssl.clicktale.net/ https://www.sc.pages04.net https://cdn.getsmartcontent.com/ https://api.bizographics.com https://us-east-1.profile-api.ads.linkedin.com https://s.getsmartcontent.com https://az416426.vo.msecnd.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://litmus.com https://lmistatic.blob.core.windows.net/ https://fonts.gstatic.com/ https://*.lastpass.com https://lastpass.com; media-src ;frame-src *;frame-ancestors 'self' https://*.lookbookhq.com https://*.pathfactory.com https://*.logmein.com https://*.lastpass.com;worker-src https://*.lastpass.com blob: 2 default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://service.maxymiser.net/ http://tags.tiqcdn.com/ https://*.netsuite.com http://consent.truste.com *.trustarc.com *.adroll.com *.bing.com https://*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://vlog.leadformix.com *.googleapis.com *.ensighten.com *.demandbase.com http://chat.leadformix.com static.atgsvcs.com rules.atgsvcs.com netsuite-salechat.custhelp.com netsuite-salechat.custhelp.com http://netsuite-salechat.widget.custhelp.com http://netsuite-salechat.widget.custhelp.com bronto--tst1.custhelp.com http://bronto--tst1.widget.custhelp.com www.rnengage.com *.rightnowtech.com https://assets.adobedtm.com http://img.en25.com http://netsuite-www.baynote.net *.facebook.com *.facebook.net *.google.com *.twitter.com *.yahoo.com *.akamaihd.net *.demdex.net *.omtrdc.net https://*.adobetag.com https://*.linkedin.com *.licdn.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.casalemedia.com https://*.media6degrees.com *.company-target.com *.rlcdn.com https://*.pubmatic.com https://*.w55c.net https://*.bidswitch.net https://*.narrative.io *.bidr.io *.2o7.net https://tags.bkrtx.com flex.atdmt.com https://s.yimg.com *.oracleinfinity.io https://dqm.crownpeak.com/; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com https://bronto--tst1.widget.custhelp.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src * data: ; frame-src 'self' http://service.maxymiser.net/ https://go.netsuite.com *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.omtrdc.net *.trustarc.com http://chat.leadformix.com https://netsuite-salechat.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com https://bronto--tst1.custhelp.com/ *.demdex.net *.bluekai.com *.extforms.netsuite.com *.app.netsuite.com https://platform.twitter.com; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com *.omtrdc.net *.demdex.net http://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://s.yimg.com https://www-stage.oracle.com https://api.crownpeak.net/; media-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self' https://*.softpedia.com/; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2 frame-ancestors 'self' *.app.clicktale.com app.optimizely.com analytics.google.com; 2 frame-ancestors 'self' https://*.justia.com http://*.justia.com 2 default-src 'self' *.ecosia.org data: *.sentry.io; script-src 'sha256-gXEa/ox27lc0j/LlMMwkKmL/1B0478dS6GEwJbxShvo=' 'self' 'self' *.ecosia.org *.sentry.io dy1cy3yp6fd82.cloudfront.net; img-src 'self' *.ecosia.org s3.amazonaws.com data: ecosia-notifications.ghost.io; style-src 'self' *.ecosia.org 'unsafe-inline'; connect-src 'self' *.ecosia.org *.sentry.io; frame-ancestors 'none' 2 default-src 'self' https://arduino.cc; script-src 'self' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.iubenda.com https://*.hotjar.com data: https://tagmanager.google.com https://*.googletagservices.com https://*.googlesyndication.com https://consent.trustarc.com https://forum.arduino.cc https://store.arduino.cc https://store-cdn.arduino.cc https://arduino.cc https://checkout.stripe.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://ads.supplyframe.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://js.stripe.com https://auth.arduino.cc https://cdn.arduino.cc https://content.arduino.cc https://cdnjs.cloudflare.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com https://arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://content.arduino.cc; font-src 'self' https://js.intercomcdn.com http://fonts.intercomcdn.com https://fonts.gstatic.com https://content.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc; img-src 'self' data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https:; connect-src 'self' https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.iubenda.com https://*.algolia.net https://*.algolianet.com https://content.arduino.cc https://fonts.gstatic.com https://*.hotjar.com https://login.arduino.cc https://auth.arduino.cc https://blog.arduino.cc https://api.arduino.cc https://api2.arduino.cc https://my.arduino.cc https://forum.arduino.cc https://store.arduino.cc https://checkout.stripe.com https://api.stripe.com https://cdn.arduino.cc https://www.google-analytics.com https://cdn-stag.arduino.cc https://trackerapi.trustarc.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://create.arduino.cc https://downloads.arduino.cc https://checkout.stripe.com https://www.youtube.com https://js.stripe.com https://www.hackster.io; frame-src 'self' https://*.hotjar.com https://login.arduino.cc https://consent-pref.trustarc.com https://auth.arduino.cc https://create.arduino.cc https://downloads.arduino.cc https://docs.google.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://www.hackster.io https://staticxx.facebook.com https://iframe.dacast.com https://*.iubenda.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' *.arduino.cc 2 script-src * 'unsafe-inline'; style-src * 'unsafe-inline' blob:; img-src * data: blob: 2 base-uri https://*.ryanair.com https://*.laudamotion.com; child-src https://*.hotjar.com https://*.hotjar.io; worker-src https://*.ryanair.com; connect-src 'self' https://*.ryanair.com https://*.launchdarkly.com https://bam.nr-data.net/ https://dpm.demdex.net https://js-agent.newrelic.com https://script.hotjar.com https://smetrics.ryanair.com https://*.hotjar.com https://*.hotjar.io https://*.boxever.com https://www.gstatic.com https://news.ryanair.com https://www.google-analytics.com wss://*.hotjar.com https://www.rentalcars.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://www.ryanair.com https://api.ryanair.com https://assets.ryanair.com https://desktopapps.ryanair.com https://places-rooms.ryanair.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; default-src 'self' https://ajax.googleapis.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; frame-src 'self' https://*.ryanair.com https://ryanair.demdex.net https://*.hotjar.com https://*.hotjar.io https://*.cdn-net.com https://www.google.com https://*.accdab.net; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://ajax.googleapis.com https://assets.ryanair.com; img-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://dpm.demdex.net https://smetrics.ryanair.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cm.g.doubleclick.net https://*.criteo.com https://www.facebook.com https://play-lh.googleusercontent.com https://v2assets.zopim.io https://static.zdassets.com https://s3.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://v2uploads.zopim.io https://pixel.quantserve.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://*.doubleclick.net https://www.googleadservices.com https://assets.ryanair.com/; manifest-src https://*.ryanair.com https://*.laudamotion.com; object-src 'self' https://*.cdn-net.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.boxever.com https://*.cdn-net.com https://*.googleapis.com https://*.launchdarkly.com https://assets.ryanair.com https://bam.nr-data.net https://d1mj578wat5n4o.cloudfront.net https://js-agent.newrelic.com https://*.hotjar.com https://*.hotjar.io https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://cdnjs.cloudflare.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://*.doubleclick.net https://www.googleadservices.com https://polyfill.ryanair.com https://help.ryanair.com wss://help.ryanair.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; report-uri https://csp-reporter.ryanair.com/report?app=homepage; 2 frame-ancestors frame-ancestors 'self' 2 frame-ancestors 'self';default-src blob: https: data: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' *.imperial.ac.uk *.ic.ac.uk 2 frame-ancestors 'self' https://www.google.com https://www-thestreet-com.cdn.ampproject.org; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 2 frame-ancestors 'self' https://www.google.com https://www-biography-com.cdn.ampproject.org; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 2 frame-ancestors 'self' 2 style-src 'self' 'unsafe-inline' web-assets.waze.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'strict-dynamic' 'sha256-BMvBpjC0f0/CBhTrdJIPVtfIbge+xCToXEoo22g1eRw=' 'sha256-jn4sZauPqbRhn0bhA4FVpDKYTG3f5j7/aGfMNKqYeQo=' 'sha256-uGN4KzZB/JUJtJrUeFtbcd7JEfmp/OQAFHAeufvSAH8=' 'sha256-/qo9oxyWI5y/EjA3dTpPZbBSj3HTpm2W27+h3HdcmpM=' 'sha256-7SWQ3X+1UGFgAEV4XxbRlMankCuTEIo2r8uS+2dFUQY=' 'sha256-vv1+zn+HXprjPeZf0VMbl72kWhCEnWd8NyfMoFu90K4=' 'sha256-KB8kElO4JI0bPbQ33aSjxg5i+9mVIg9iLQVyaK6wPkk=' 'sha256-bfqP5UYmNJwm9fTSHb+tzjS/4QHkebLhB+ygLLdigAo=' www.waze.com web-assets.waze.com www.google.com www.youtube.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net s.ytimg.com; report-uri https://csp.withgoogle.com/csp/waze/20200907_experiment; 2 default-src 'self' blob: *.akamaized.net *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com www.apple.com.cn www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' data: blob: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: apple.com *.apple.com *.apple.com.cn *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com *.apple.com.cn 2 base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://*.openplatform.us; font-src 'self' https://gab.com; img-src 'self' https: data: blob: https://gab.com; style-src 'self' 'unsafe-inline' https://gab.com; media-src 'self' https: data: https://gab.com; frame-src 'self' https:; manifest-src 'self' https://gab.com; connect-src 'self' blob: https://gab.com wss://gab.com https://*.gab.com; script-src 'self' https://gab.com https://*.gab.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2 frame-ancestors https://*.udacity.com 2 frame-ancestors 'self' ebooks.t4edu.com ebooks.madrasati.sa iencontent.ien.edu.sa; 2 default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zdassets.com *.zopim.com *.amplitude.com *.surveymonkey.com js.adsrvr.org ajax.googleapis.com www.googleadservices.com *.zdassets.com *.zopim.com life360.zendesk.com static.ads-twitter.com analytics.twitter.com analytics.tiktok.com bat.bing.com sf16-scmcdn-va.ibytedtos.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org *.appboycdn.com *.facebook.net; style-src 'self' 'unsafe-inline'; connect-src 'self' https://static.zdassets.com https://amplitude.life360.com/ https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com www.google-analytics.com *.zdassets.com *.zopim.com stats.g.doubleclick.net cdn.cookielaw.org life360.zendesk.com support.life360.com *.greenhouse.io *.braze.com analytics.tiktok.com; img-src 'self' *.cloudfront.net *.locationiq.org life360-wordpress.s3.amazonaws.com life360.zendesk.com *.doubleclick.net cdn.cookielaw.org secure.adnxs.com insight.adsrvr.org support.life360.com www.googletagmanager.com www.google-analytics.com *.google.com t.co www.facebook.com bat.bing.com *.ytimg.com https://v2assets.zopim.io https://static.zdassets.com data: *.gravatar.com; child-src 'self' www.surveymonkey.com cdn.cookielaw.org insight.adsrvr.org www.ajax.googleapis.com www.youtube.com www.youtube-nocookie.com www.google.com *.doubleclick.net www.facebook.com; font-src 'self' data:; 2 frame-ancestors 'self' https://*.sproutsocial.com https://sproutsocial.com; 2 default-src https: wss:; script-src about: 'unsafe-inline' 'unsafe-eval' https: wss:; img-src data: blob: https: wss:; style-src 'unsafe-inline' https: wss: blob:; font-src https: data: wss: 'self'; connect-src 'self' https: wss:; report-uri https://idcqaenforce.report-uri.com/r/d/csp/enforce; 2 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com api.advcake.com vk.com 'self' *.tinkoff.ru *.tcsbank.ru wss://*.tinkoff.ru platform-sentry.tcsbank.ru sentry.tinkoff.ru www.cdn-tinkoff.ru cfg.tinkoff.ru www.tinkoff.ru acdn.tinkoff.ru business.tinkoff.ru; script-src sync.datamind.ru www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com *.g.doubleclick.net assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.google-analytics.com googleads.g.doubleclick.net www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com connect.facebook.net *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru ad.doubleclick.net 'self' 'unsafe-eval' 'unsafe-inline' https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com https://*.1tv.ru/; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net www.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru hit.acstat.com dp.tinkoffinsurance.ru *.fls.doubleclick.net 'self' data: *.tcsbank.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com https://*.1tv.ru/; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net 'self' blob: *.tinkoff.ru *.tcsbank.ru https://www.youtube.com https://*.1tv.ru/; report-uri https://www.tinkoff.ru/api/front/log/csp-error?appName=pfphome&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru 2 frame-ancestors http://www.vistaprint.com https://www.vistaprint.com http://vistaprint.com https://vistaprint.com https://www.optimizelyedit.com https://app.optimizely.com http://app.optimizely.com http://script.crazyegg.com https://script.crazyegg.com script.crazyegg.com http://www.radins.com http://fr.igraal.com http://cmsauth.vistaprint.prod https://secure.vistaprint.com https://*.hatchery.vistaprint.com https://*.mobile.vpsvc.com; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.interco.io wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://*.twilio.com wss://*.firebaseio.com https://cdn.firebase.com https://*.firebaseio.com; report-uri https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV1YajQYljNDyq_HZcQMFwMFIEBS9eHG3wV3FNhihD_eeXQkr_HnJMjSGly5t4VQFrfZujfZFoFY5wHaTC8TvTlxRcur_pISTvX0Dw96EIlb4Q== 2 frame-ancestors 'self' https://bluebelldigital.com/ 2 frame-ancestors 'self' https://*.chronicle.com 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://*.dynamicyield.com https://*.salecycle.com https://*.fls.doubleclick.net https://dev.appboy.com https://www.facebook.com https://bid.g.doubleclick.net https://videos.contentful.com https://www.youtube.com https://*.api.bazaarvoice.com https://sentry.io https://videos.ctfassets.net https://*.akstat.io https://*.perimeterx.net https://*.urbanoutfitters.com https://www.google-analytics.com https://api.bazaarvoice.com https://d16fk4ms6rqz1v.cloudfront.net https://*.akamaihd.net https://*.rewardstyle.com https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://*.myunidays.com https://www.myregistry.com https://core.conversant.mgr.consensu.org https://tracking.crealytics.com https://*.scene7.com https://*.attn.tv https://freepeople.wufoo.com https://*.trustedshops.com https://*.stg-sessionm.com https://*.sessionm.com https://*.ent-sessionm.com https://*.bluecore.com https://www.googletagmanager.com https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://tags.tiqcdn.com https://www.googleadservices.com https://js.appboycdn.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://*.afterpay.com https://mpsnare.iesnare.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://fast.fonts.net https://ci-mpsnare.iovation.com https://*.bazaarvoice.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://*.criteo.com https://www.ist-track.com https://www.shopzilla.com https://*.googleapis.com https://www.gstatic.com https://app.curalate.com https://cm.g.doubleclick.net https://*.ra.linksynergy.com http://maps.google.cn https://*.clearpay.co.uk https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://images.contentful.com https://images.ctfassets.net https://px0.pbbl.co https://t.co https://*.google.com https://*.gstatic.com https://pinterest.adsymptotic.com https://*.linksynergy.com https://*.dc-storm.com https://consent.nxtck.com https://consent.jrs5.com https://consent.mediaforge.com https://*.g.doubleclick.net https://www.bizrate.com https://rd.connexity.net https://www.google.co.uk https://www.google.ca https://www.google.de https://*.groupbycloud.com https://h.nexac.com http://images.urbanoutfitters.com https://cdn.dynamicyield.com https://www.google.ie https://www.ssense.com https://*.rkdms.com https://www.polyvore.com https://www.google.nl https://www.google.fr https://*.agkn.com https://p.dlx.addthis.com https://www.google.co.jp https://www.google.es https://www.google.com.au http://stores.urbanoutfitters.com http://euimages.urbanoutfitters.com https://email-reflex.com https://www.google.it https://www.google.be https://www.google.co.nz https://www.google.se https://cdn.dashhudson.com https://tracking.lengow.com https://merchants.nextag.com https://events.attentivemobile.com https://fonts.gstatic.com https://*.crazyegg.com https://*.dotomi.com https://cx.atdmt.com https://calotag.com https://product.givingassistant.org https://techsuperb.biz https://track.effitarget.com https://cdnjs.cloudflare.com https://intljs.rmtag.com https://cdn.polyfill.io https://*.adsymptotic.com https://c.go-mpulse.net https://polyfill.io https://cdn.honey.io https://cdn.contentful.com https://*.attentivemobile.com https://g.3gl.net https://r.3gl.net.cn https://r.3gl.net https://trustbadge.api.etrusted.com https://*.tealiumiq.com https://*.salesforce.com https://*.px-cloud.net https://sdk.iad-01.braze.com https://*.siteintercept.qualtrics.com https://idsync.rlcdn.com https://*.qualtrics.com https://*.force.com https://ltv-service.camato.eu https://*.vimeo.com https://d38xvr37kwwhcm.cloudfront.net https://trail.grin.co https://downloads.contentful.com https://*.8x8.com/ https://s0.ipstatp.com https://*.tiktok.com https://*.tiktokcdn.com https://business-sg.topbuzz.com https://business.topbuzz.com https://*.btttag.com bytedance: https://cloudflare.com/cdn-cgi/trace https://*.ibytedtos.com https://*.krxd.net https://www.cloudflare.com/cdn-cgi/trace https://open.spotify.com https://cdn.cookielaw.org https://*.evergage.com https://privacyportal.onetrust.com https://*.urbndata.com https://*.pinterest.com https://*.urbanairship.com https://aswpapius.com/ https://geolocation.onetrust.com;frame-ancestors 'none'; 2 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 2 default-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * blob:; worker-src 'self' blob:; style-src * blob: 'unsafe-inline' 'unsafe-eval'; frame-src * blob: 2 default-src * gap:; script-src 'self' blob: https://*.kaltura.com data: 'unsafe-inline' 'unsafe-eval' https://js.chargebee.com https://*.oribi.io https://*.qualified.com wss://*.qualified.com wss://*.qualified.com https://*.google.com https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.gstatic.com https://*.google-analytics.com https://snap.licdn.com https://*.hotjar.com https://*.marketo.net https://*.marketo.com https://*.equalweb.com https://*.zoominfo.com https://*.cloudfront.net https://*.facebook.net https://*.influ2.com https://*.googleadservices.com https://*.doubleclick.net https://*.kaltura.com https://*.cookiepro.com https://*.onetrust.com https://*.trendemon.com; object-src *; style-src * 'unsafe-inline'; img-src * data: blob: android-webview-video-poster:; media-src * blob: data:; frame-src *; font-src * data:; connect-src * 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.adobedtm.com *.demdex.net *.decibelinsight.net *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.google.com *.doubleclick.net *.cloudflare.com *.zmags.com *.raisenow.com *.newrelic.com *.nr-data.net *.adobe.com; upgrade-insecure-requests; object-src *.ubs.com 2 frame-ancestors https://*.swissinfo.ch 2 frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' px.ads.linkedin.com analytics.tiktok.com www.googletagmanager.com tagmanager.google.com www.google.com www.gstatic.com bbox.blackbaudhosting.com olx.britishmuseum.org www.britishmuseum.org maps.googleapis.com cdn.rawgit.com services.postcodeanywhere.co.uk www.youtube.com s.ytimg.com payments.blackbaud.com secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com connect.facebook.net secure.quantserve.com edge.quantserve.com www.google-analytics.com rules.quantcount.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://optimize.google.com http://*.queue-it.net https://*.queue-it.net https://snap.licdn.com/li.lms-analytics/insight.min.js; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com payments.blackbaud.com bbox.blackbaudhosting.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com https://optimize.google.com http://*.queue-it.net https://*.queue-it.net; img-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com ssl.gstatic.com www.googletagmanager.com googletagmanager.com www.gstatic.com gstatic.com maps.gstatic.com maps.googleapis.com cdn.rawgit.com olx.britishmuseum.org secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com www.facebook.com pixel.quantserve.com www.google-analytics.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads static.designmynight.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com ttp://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io openseadragon.github.io libimages1.princeton.edu 51.11.16.222 media.britishmuseum.org http://media.britishmuseum.org https://www.google-analytics.com https://optimize.google.com http://*.queue-it.net https://*.queue-it.net https://www.google.com/ads/ga-audiences https://px.ads.linkedin.com https://www.google.co.uk data:;; frame-src 'self' www.google.com player.vimeo.com payments.blackbaud.com bbox.blackbaudhosting.com sketchfab.com w.soundcloud.com www.youtube.com bookings.designmynight.com www.facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com http://*.queue-it.net https://*.queue-it.net; frame-ancestors 'self'; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'self'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.queue-it.net https://*.queue-it.net data:;; connect-src 'self' www.google-analytics.com payments.blackbaud.com olx.britishmuseum.org bookings.designmynight.com www.facebook.com facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://51.143.128.218 media.britishmuseum.org http://*.queue-it.net https://*.queue-it.net https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/258 https://analytics.tiktok.com 2 default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https: blob: data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src https: blob: 2 frame-ancestors 'self' http://*.dji.com https://*.dji.com 2 upgrade-insecure-requests, upgrade-insecure-requests 2 default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2 img-src 'self' https: data: cdn.paris.fr 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' mediastream: data: blob: https:; worker-src 'self' blob:; upgrade-insecure-requests 2 default-src 'self' https://analytics.govinfo.gov https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; object-src 'unsafe-inline' 'self' ; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://analytics.govinfo.gov data:; font-src 'unsafe-inline' 'self' https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self'; frame-src 'self' https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; 2 frame-ancestors 'self' https://app.experiencewelcome.com/ https://iframetester.com/ 2 frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw standchartbank.experiencecloud.adobe.com experience.adobe.com 2 frame-ancestors localhost:* 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://cdn.polyfill.io https://*.dynamicyield.com https://intljs.rmtag.com https://www.googletagmanager.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://www.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com https://static.ads-twitter.com https://js-agent.newrelic.com https://*.afterpay.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://ci-mpsnare.iovation.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://www.gstatic.com https://*.akamaihd.net https://www.myregistry.com https://s3.amazonaws.com https://app.curalate.com https://*.clearpay.co.uk https://polyfill.io https://js.appboycdn.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://*.googleapis.com https://p.dlx.addthis.com https://px0.pbbl.co https://*.google.com https://images.contentful.com https://images.ctfassets.net https://*.criteo.com https://h.nexac.com https://*.dc-storm.com https://consent.jrs5.com https://consent.mediaforge.com https://consent.nxtck.com https://*.groupbycloud.com https://*.linksynergy.com https://www.polyvore.com https://*.bazaarvoice.com https://data.photorank.me https://www.ssense.com https://*.akstat.io https://www.google.co.uk https://*.perimeterx.net https://rtb-csync.smartadserver.com https://ads.yahoo.com http://images.anthropologie.com https://pixel.rubiconproject.com https://*.gstatic.com https://www.google.ca https://www.google.de https://*.rkdms.com https://idsync.rlcdn.com https://www.google.fr https://www.google.es https://www.google.com.au https://www.google.co.jp https://www.google.nl https://x.bidswitch.net https://www.google.it https://*.agkn.com https://pixel.advertising.com https://www.google.com.mx https://www.google.ie https://www.google.com.ar https://www.google.co.nz https://sync.outbrain.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://www.google.co.in https://*.rewardstyle.com https://r.casalemedia.com https://cdn.dashhudson.com https://*.ra.linksynergy.com https://cx.atdmt.com https://pixel.tapad.com https://use.fontawesome.com https://fonts.gstatic.com https://cdn.dynamicyield.com https://*.fls.doubleclick.net https://dis.us.criteo.com https://c.go-mpulse.net https://dev.appboy.com https://www.facebook.com https://*.bluecore.com https://*.api.bazaarvoice.com https://dis.eu.criteo.com https://sentry.io https://videos.contentful.com https://www.youtube.com https://videos.ctfassets.net https://*.g.doubleclick.net https://gum.criteo.com https://images.anthropologie.com https://api.bazaarvoice.com https://static.criteo.net https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://player.vimeo.com https://core.conversant.mgr.consensu.org https://www.babylist.com https://*.scene7.com https://gmurphy2018.wufoo.com https://*.stg-sessionm.com https://*.sessionm.com https://*.dotomi.com https://mpsnare.iesnare.com https://*.adsymptotic.com https://*.attentivemobile.com https://*.attn.tv https://*.attentivemobile.com https://cdn.honey.io https://cdn.contentful.com https://open.spotify.com https://*.myunidays.com https://*.murdoog.com https://g.3gl.net https://r.3gl.net.cn https://r.3gl.net https://trustbadge.api.etrusted.com https://*.tealiumiq.com https://*.salesforce.com https://*.px-cloud.net https://sdk.iad-01.braze.com https://idsync.rlcdn.com https://*.force.com https://*.crazyegg.com https://d38xvr37kwwhcm.cloudfront.net https://trail.grin.co https://downloads.contentful.com https://cf.adxcel.com https://data.adxcel-ec2.com https://*.8x8.com/ https://*.btttag.com https://www.cloudflare.com/cdn-cgi/trace https://*.krxd.net https://track.securedvisit.com/ https://*.tiktok.com https://business.topbuzz.com https://business-sg.topbuzz.com https://*.tiktokcdn.com https://*.ibytedtos.com https://s0.ipstatp.com bytedance: https://cdn.cookielaw.org https://*.evergage.com https://connect.studentbeans.com/v4/anthropologie/uk https://privacyportal.onetrust.com https://*.urbndata.com https://*.pinterest.com https://*.urbanairship.com https://aswpapius.com/ https://*.bambuser.com https://geolocation.onetrust.com;frame-ancestors 'none'; 2 connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.index-education.com http://*.index-education.com http://*.datatables.net https://www.googleapis.com;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.cloudflare.com https://www.googletagmanager.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com http://*.googleapis.com https://*.googleapis.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com;style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com;img-src 'self' *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr *.googleapis.com data:; 2 media-src 'self' *.consumerfinance.gov; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com www.gstatic.com ssl.gstatic.com stats.g.doubleclick.net img.youtube.com *.google-analytics.com trk.cetrk.com searchstats.usa.gov gtrk.s3.amazonaws.com *.googletagmanager.com tagmanager.google.com maps.googleapis.com optimize.google.com api.mapbox.com *.tiles.mapbox.com stats.search.usa.gov blob: data: www.facebook.com www.gravatar.com *.qualtrics.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.consumerfinance.gov fast.fonts.net tagmanager.google.com optimize.google.com api.mapbox.com fonts.googleapis.com; font-src 'self' data: *.consumerfinance.gov fast.fonts.net fonts.google.com fonts.gstatic.com; default-src 'self'; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.googleoptimize.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com api.iperceptions.com *.qualtrics.com raw.githubusercontent.com; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com *.googleoptimize.com optimize.google.com www.youtube.com *.doubleclick.net universal.iperceptions.com www.facebook.com staticxx.facebook.com mediasite.yorkcast.com *.qualtrics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov *.google-analytics.com *.googletagmanager.com *.googleoptimize.com tagmanager.google.com optimize.google.com ajax.googleapis.com search.usa.gov api.mapbox.com js-agent.newrelic.com dnn506yrbagrg.cloudfront.net bam.nr-data.net *.youtube.com *.ytimg.com trk.cetrk.com universal.iperceptions.com cdn.mouseflow.com n2.mouseflow.com us.mouseflow.com geocoding.geo.census.gov tigerweb.geo.census.gov about: connect.facebook.net www.federalregister.gov storage.googleapis.com *.qualtrics.com 2 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com 2 frame-ancestors https://cont-sites.bajajfinserv.in/ https://www.bajajfinserv.in/ 2 media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2 frame-ancestors 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; report-uri /csp-report 2 frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2 script-src 'strict-dynamic' 'sha256-1vXR78YtEYpuZYWhpSNFxaXfTJtlQSCVwdj9gtJSALg=' 'sha256-AhRhqE3xJ7ppzb2hYM+UikRNSi/qm/F3KOlMXG/Q7YA=' 'sha256-6BRRaH0Y+8Ia5nBX5mc7UGbp2UZWnCAg4onNRvHnYvw=' 'sha256-bn2OuMCn5/yM+fMtaRzdEyKfsiRiL1rT36jkshEuVTo=' 'sha256-48A4Dz3O2+FQ2x9QUpa3oClLJqL6veT2RhDX6W6IVXk=' 'sha256-IgMAsv+gzUabvEezSxPP/1yKIYDY16pdv3cp6EIirLU=' 'sha256-Kypz4tCeSu9TDLbPqpbLuVU+13/zyB0UDBLGtyPGR1I=' 'sha256-QHAyyy6fCJ8Rz89oba+QvsksgitqK3b1tHEUajPAyCM=' 'sha256-9FBkyWL+iGrJoGQ60dJZcgLSx70JpTxd6lJXlBMLgFI=' 'sha256-pVrvJcK0/pNKNWCpeXtqH2B15FWl33uumfbh3BBXQc4=' 'sha256-WRBUXRlUKInCFXZq7vLAuElKvaS5yeTTT9+tGk5cNFc=' 'sha256-rOdymFRskWTgDRjlgakEsAFru+VxMcjYUivl9HJpmcQ=' 'sha256-k44TbNsn7XQ8cXM+JbuVJg84pbzTY/fa5Xes5Zl1qGc=' 'sha256-YJxmIlZWu8tceA5HT3rJUwFUoo1tqGaYSxqQO++ax9I=' 'sha256-mtBp1vQgxObfnbP2A6KZZJurjrOONMqkiV82pg8qWZ8=' 'sha256-d7d4bnXGCcbc6CfgIXR+L4axcj9+LOnHvhhfwHaBgmI=' 'sha256-xhTFrqBghqimsT/eRd1zDWDRys5N7uTgnq91K963qeo=' 'sha256-yj4aK3wPFXjox1Fx5CMs8hB1VUImW2gP5a0roKAacWc=' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://csp.withgoogle.com/csp/webdev 2 frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com agent.bold360.com *.cox-ondemand.com *.yext-cdn.com *.yextpages.net 2 frame-ancestors https://*.demandbase.com 2 frame-ancestors 'self' https://webhare.utwente.nl https://employees.utwente.nl https://portal-test.utsp.utwente.nl 2 default-src data: wss: blob: blob 'unsafe-eval' 'unsafe-inline' *.base.be *.telenet.be *.telenet.be:* https://zentr.cc https://4610619.fls.doubleclick.net https://127.demdex.net *.customersaas.com http://assets.adobedtm.com https://assets.adobedtm.com https://base.pingvp.com https://base.rest.ac-systems.com https://bid.g.doubleclick.net https://custom.luckycycle.com https://cdn.cookielaw.org https://connect.facebook.net https://ct.pinterest.com https://cm.everesttech.net http://cloud.typography.com *.cloudfront.net http://dev.day.com https://dpm.demdex.net https://fonts.gstatic.com https://fonts.googleapis.com https://js.driftt.com https://js.driftqa.com https://privacyportal-eu.onetrust.com http://smetrics.telenet.be https://smetrics.base.be https://static.zdassets.com http://static.telenet.be https://s.pinimg.com https://stats.g.doubleclick.net https://s3.eu-central-1.amazonaws.com http://tags.tiqcdn.com https://tpc.googlesyndication.com https://translate.googleapis.com https://839-xun-065.mktoutil.com https://upctelenetgroup.112.2o7.net https://use.typekit.net http://w.usabilla.com https://w.usabilla.com https://www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.facebook.com https://www.gstatic.com https://www.pingvp.com https://www.wista.com https://www.youtube.com https://upctelenet20test.112.2o7.net https://googleads.g.doubleclick.net https://839-xun-065.mktoresp.com https://munchkin.marketo.net https://telenethelp.zendesk.com https://ekr.zdassets.com https://telenet.premiumplus.io https://www.google.com https://translate.google.com https://www.trg.telenet.be.seg.js https://player.vimeo.com *.hotjar.com *.hotjar.io *.wistia.com *.wistia.net *.pegacloud.net https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://upc.d2.sc.omtrdc.net https://libertyglobalpaneu.tt.omtrdc.net https://cdn.tt.omtrdc.net https://widget-mediator.zopim.com https://youtube.com *.bbvms.com *.bluebillywig.com *.fontawesome.com *.googleapis.com https://eur01.safelinks.protection.outlook.com https://playlist.megaphone.fm https://app.prospect.silktide.com https://app.insites.com https://html5-player.libsyn.com *.clarity.ms *.qelpcare.com *.adobe.com *.force.com *.linkedin.com *.salesforce.com *.salesforceliveagent.com;img-src 'self' data: data blob blob: *.telenet.be *.telenet.be:* https: http://4610619.fls.doubleclick.net http://loadinggif.com;report-uri https://api.prd.telenet.be/csp-violation-report; 2 frame-ancestors 'self' https://*.inconvo.chat https://*.yougov.chat 2 frame-ancestors *.ushmm.org; 2 default-src 'self' https: *.daimler.com *.slidesync.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.daimler.com *.slidesync.com *.usercentrics.eu js.api.here.com narando.com cdn.podigee.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.daimler.com *.slidesync.com js.api.here.com cdn.podigee.com player.podigee-cdn.net; img-src 'self' https: blob: data: *.daimler.com *.slidesync.com *.usercentrics.eu *.api.here.com player.podigee-cdn.net; frame-src *.daimler.com slidesync.com www.youtube-nocookie.com live.comsatmedia.com embed.gomexlive.com daimler.gomexlive.com my.matterport.com service.mercedes-benz-classic.com app.usercentrics.eu *.narando.com cdn.podigee.com player.podigee-cdn.net; font-src 'self' *.daimler.com assets.slidesync.com cdn.podigee.com player.podigee-cdn.net js.api.here.com fonts.gstatic.com; connect-src 'self' https: wss: blob: *.daimler.com *.slidesync.com *.podigee.com *.podigee.io player.podigee-cdn.net *.api.here.com *.hereapi.com; worker-src 'self' blob: 2 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.youtube.com www.google.com *.google-analytics.com https://www.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.fontawesome.com data: use.typekit.net *.crazyegg.com *.hotjar.com; img-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com twitter.com *.twitter.com *.twimg.com use.fontawesome.com data: blob: *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co *.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com; media-src 'self' data: blob: www.youtube.com; frame-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com; connect-src 'self' *.informz.net *.google-analytics.com polo.feathr.co *.crazyegg.com *.doubleclick.net; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 2 frame-src 'self' blob: *.adobedtm.com *.credit-suisse.com *.hedani.net *.doubleclick.net *.facebook.com *.facebook.net *.inbenta.com *.knowledgevision.com *.omtrdc.net *.qq.com *.youtube.com creditsuisse.demdex.net maps.gstatic.com wl.fundsquare.net w.soundcloud.com *.snapchat.com *.qualtrics.com *.3vrooms.app dev.3volutions.ch *.ceros.com *.swisscom.ch video.csintra.net beneal.com *.apacwebinar.com *.qumucloud.com player.vimeo.com 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.adroll.com d.adroll.mgr.consensu.org *.dca0.com *.adyen.com *.akamaihd.net *.go-mpulse.net *.akstat.io *.aexp-static.com *.americanexpress.com tag.yieldoptimizer.com hm.baidu.com *.bambuser.com x.bidswitch.net bat.bing.com *.branch.io app.link s.thebrighttag.com s.btstatic.com *.brightcove.com *.brightcove.net *.brightcovecdn.com dpdb.webvr.rocks *.boltdns.net *.llnwd.net *.llnw.net vjs.zencdn.net *.burberry.com burberry.com cdnjs.cloudflare.com *.contentsquare.net script.crazyegg.com *.doubleclick.net connect.facebook.net www.facebook.com *.fitanalytics.com reporting.us1.fredhopperservices.com d1snv67wdds0p2.cloudfront.net collect-eu.attraqt.io analytics.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com adservice.google.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.googletagservices.com cdn.grata.cn *.usehero.com *.twilio.com wss://*.vss.twilio.com *.us1.twilio.com wss://*.us1.twilio.com *.eu1.twilio.com wss://*.eu1.twilio.com *.ipinyou.com www.ist-track.com x.klarnacdn.net *.klarna.com *.klarnaevt.com *.liveperson.net wss://*.liveperson.net *.lpsnmedia.net *.mathtag.com service.maxymiser.net bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com *.online-metrix.net *.openx.net *.optimizely.com cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com *.paypal.com www.personifyxpassets.com 7vr7bv2vla.execute-api.eu-west-1.amazonaws.com ct.pinterest.com s.pinimg.com *.qudini.com po.st s.po.st rp.gwallet.com *.rakuten.com *.nxtck.com *.xg4ken.com *.linksynergy.com intljs.rmtag.com ln-rules.rewardstyle.com *.richrelevance.com *.riskified.com sb.scorecardresearch.com *.shoprunner.com *.shoprunner.net shopstylecollective.com i.simpli.fi d1fc8wv8zag5ca.cloudfront.net *.sonobi.com *.spotify.com t.a3cloud.net p.teads.tv idsync.rlcdn.com *.turn.com analytics.twitter.com static.ads-twitter.com platform.twitter.com sp.analytics.yahoo.com s.yimg.com s.yimg.jp b97.yahoo.co.jp mc.yandex.ru *.zooz.com; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; media-src * blob:; object-src 'self'; frame-ancestors 'self' *.burberry.com burberry.com; base-uri 'self'; upgrade-insecure-requests; report-uri https://brby.report-uri.com/r/t/csp/enforce 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2 frame-ancestors *.2checkout.com *.2co.com *.avangate.com 2 frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas 2 frame-ancestors 'self' https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com 2 frame-ancestors https://ww2.coolmathgames.com https://www.coolmathgames.com http://www.coolmath-games.com https://www.coolmath-games.com https://hangman-backend.coolmathgames.com 2 frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrustproject.org media.scu.edu ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 campaign.scu.edu vanillasoft.net 129.210.247.132 2 frame-ancestors 'self' https://www.tail.digital https://tail.digital; 2 frame-ancestors 'self' https://piwik.mz.tu-dresden.de 2 frame-ancestors https://ads.idntimes.com 2 default-src 'self'; script-src 'self' c.mql5.com www.tradays.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com player.youku.com https://c.paypal.com maps.googleapis.com maps.google.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com static.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com www.tradays.com 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com; img-src 'self' msg1.mql5.com msg2.mql5.com msg3.mql5.com msg4.mql5.com c.mql5.com content.mql5.com charts.mql5.com www.mql5.com www.tradays.com blob: data: *.tile.openstreetmap.org https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com csi.gstatic.com maps.gstatic.com maps.google.com maps.googleapis.com chart.googleapis.com khms0.googleapis.com khms1.googleapis.com khms2.googleapis.com khms3.googleapis.com; media-src 'self' msg1.mql5.com msg2.mql5.com msg3.mql5.com msg4.mql5.com c.mql5.com; font-src c.mql5.com fonts.gstatic.com fonts.googleapis.com; connect-src 'self' trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com https://msg2.mql5.com https://msg3.mql5.com https://msg4.mql5.com wss://msg2.mql5.com wss://msg3.mql5.com wss://msg4.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com https://cdn.chatbot.com; frame-src 'self' c.mql5.com www.tradays.com trade.mql5.com trade.mql5.com player.youku.com www.youtube.com https://c.paypal.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com player.youku.com www.youtube.com; worker-src 'self' c.mql5.com player.youku.com www.youtube.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: d2e70e9yced57e.cloudfront.net d2k0escgkdw2ev.cloudfront.net d3k4ohqf5n453g.cloudfront.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net cdn.ampproject.org bat.bing.com s.yimg.com cdn.taboola.com trc.taboola.com sp.analytics.yahoo.com *.facebook.com connect.facebook.net www.linkedin.com www.reddit.com *.twitter.com static.ads-twitter.com *.linkedin.com *.pinterest.com *.reddit.com www.dianomi.com loadus.exelator.com ct.buyright.com affiliate.icclicktracker.com amplify.outbrain.com track.supersonicads.com ads.trafficjunky.net cdn.ckeditor.com *.wistia.com sentry.io www.datadoghq-browser-agent.com opensharecount.com *.mediaalpha.com smartforms.ekomi.com *.amazonaws.com *.mtcaptcha.com cfstatic.efdevhub.info cdn.wallethub.com static.olark.com nrpc.olark.com acsbapp.com cdn.acsbapp.com web1.acsbapp.com api.olark.com 2 frame-ancestors 'self' *.healio.com:* *.blueconic.net:* 2 default-src 'self' ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.upc.edu https://*.cookiebot.com tagmanager.google.com https://*.twimg.com https://*.twitter.com *.gstatic.com *.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com data: ;font-src * data: ; style-src * data: 'unsafe-inline' 'unsafe-eval'; child-src *.upc.edu https://*.twitter.com https://*.google.com ; worker-src *.upc.edu https://*.twitter.com https://*.google.com https://cercador.upc.edu ; media-src *.upc.edu; frame-src *.youtube-nocookie.com youtu.be *.vimeo.com *.youtube.com *.twitter.com https://*.cookiebot.com twitter.com *.upc.edu www.google.com https://cercador.upc.edu ; connect-src https://consentcdn.cookiebot.com https://cercador.upc.edu https://stats.g.doubleclick.net *.google-analytics.com 'self' 2 upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security 2 frame-ancestors 'self' libertystreeteconomics.newyorkfed.org; 2 default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: blob:;media-src https: data: blob:;worker-src https: data: blob:;font-src https: data:;connect-src https: wss: 2 frame-ancestors https://*.verizon.com http://*.verizon.com https://*.verizonwireless.com http://*.verizonwireless.com https://*.verizonbusinessfios.com/ https://*.consensuscorp.com http://*.consensuscorp.com https://vbmbos.lightning.force.com http://vbmbos.lightning.force.com https://vbmbos--c.na73.visual.force.com http://vbmbos--c.na73.visual.force.com https://vbmbos.my.salesforce.com http://vbmbos.my.salesforce.com 2 frame-ancestors vanderbilt.edu/AEA 'self' 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.newswire.com 2 default-src 'self'; connect-src 'self' https://*.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.browsealoud.com https://speech.speechstream.net blob: https://en.wikipedia.org https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/; script-src 'self' https://*.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.browsealoud.com https://*.speechstream.net 'sha256-XwQT/PsFMy+rKSB4vlW93i5lrzIRaGmPC3M2D0C3ZKU=' https://apis.google.com https://*.intercom.io https://js.intercomcdn.com https://analytics.twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ 'nonce-163507867985800' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic.dev.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com; img-src * data: https://optimize.google.com https://script.hotjar.com; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic.dev.texthelp.com https://www.facebook.com; frame-src https://www.youtube.com https://mautic.dev.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' http: data: https: blob: https://d.la2-c2-ord.salesforceliveagent.com https://logs1125.xiti.com https://www.google-analytics.com https://cdn.optimizely.com https://api.demandbase.com https://app-ab02.marketo.com https://www.googletagmanager.com https://magpie-static.ugc.bazaarvoice.com https://apc.ugc.bazaarvoice.com https://code.jquery.com wss://directline.botframework.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ravelry.com https://www.ravelry.com *.ravelrycache.com *.doorbell.io *.crazyegg.com https://*.ravelrycache.com https://*.chatlio.com plausible.io https://*.hotjar.com https://*.raygun.io https://*.pusher.com https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com *.googleapis.com https://*.googleapis.com *.google-analytics.com https://www.google.com *.gstatic.com https://maps.gstatic.com maps.googleapis.com maps.google.com *.nr-data.net *.newrelic.com https://*.newrelic.com https://*.twitter.com connect.facebook.net *.facebook.com *.pinterest.com https://*.hotjar.com https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com https://*.youtube.com https://*.vimeo.com *.vimeo.com *.vimeocdn.com *.vimeo.com *.crazyegg.com *.gstatic.com *.raygun.io; frame-src 'self' https://*.facebook.com https://*.hotjar.com https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.spotify.com https://*.buffer.com https://player.vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://*.youtube.com vine.co *.google.com https://*.twitter.com *.facebook.com *.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com doorbell.io:443 *.crazyegg.com https://*.raygun.io https://*.nr-data.net https://plausible.io https://*.hotjar.com https://*.dropbox.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com wss://*.hotjar.com translate.googleapis.com syndication.twitter.com https://*.chatlio.com https://*.pusher.com *.pusherapp.com; 2 frame-ancestors 'self' https://www.trendhunter.com https://www.jeremygutsche.com https://www.betterandfaster.com https://www.trendreports.com https://www.futurefestival.com https://www.keynotes.org https://www.exploitingchaos.com https://www.trendhunter.ai https://www.createthefuturebook.com https://go.trendhunter.com 2 default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.com/r/d/csp/enforce; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 2 frame-ancestors 'self' https://*.charlotte.edu https://*.uncc.edu https://uncc.instructure.com; frame-src 'self' comgooglemaps: gsa: https://9572357.fls.doubleclick.net https://accounts.google.com https://adservices.brandcdn.com https://airtable.com https://anchor.fm https://apis.google.com https://app.smartsheet.com https://bid.g.doubleclick.net https://bot.ivy.ai https://calendar.google.com https://cdnapisec.kaltura.com https://cdn.exchmapdata.com https://cdn.knightlab.com https://cdn.youvisit.com https://*.charlotte.edu https://c.sharethis.mgr.consensu.org https://d1eoo1tco6rr5e.cloudfront.net https://datastudio.google.com https://datawrapper.dwcdn.net https://docs.google.com https://drive.google.com https://edabroad.h5p.com https://e.infogram.com https://e.issuu.com https://embed.financialaidtv.com https://embed.ocelotbot.com https://embed.podcasts.apple.com https://insight.adsrvr.org https://libraryh3lp.com https://livestream.com https://loader.webspellchecker.net https://maphub.net https://maps.google.com https://match.adsrvr.org https://mcmap.org https://m.facebook.com https://my.matterport.com https://online.flowpaper.com https://open.spotify.com https://platform.twitter.com https://player.vimeo.com https://public.tableau.com https://pub.s10.exacttarget.com https://*.rlets.com https://*.skedda.com https://syndication.twitter.com https://t.sharethis.com https://*.uncc.edu https://uncc.financialaidtv.com https://uncc-mps-training.s3.amazonaws.com https://vars.hotjar.com https://view-awesome-table.com https://vimeo.com https://web.facebook.com https://whova.com https://w.soundcloud.com https://ws.sharethis.com https://www.buzzsprout.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.theweather.com https://www.youtube.com https://www.youtube-nocookie.com https://youtu.be https://youtube.com; report-uri https://ns-upitsdpweb-vip.charlotte.edu/util/csp/ 2 img-src 'self' data: https://ads.yahoo.com https://cdn.uphold.com https://cm.g.doubleclick.net https://d.adroll.com https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ib.adnxs.com https://idsync.rlcdn.com https://images.prismic.io https://p.typekit.net https://pixel.advertising.com https://pixel.rubiconproject.com https://prismic-io.s3.amazonaws.com https://simage2.pubmatic.com https://stats.g.doubleclick.net https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://uphold.cdn.prismic.io https://ups.analytics.yahoo.com https://us-u.openx.net https://use.typekit.net https://www.facebook.com https://www.google.com https://www.google.pt https://x.bidswitch.net www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com/ https://cdn.sift.com/s.js https://cdn.uphold.com https://connect.facebook.net https://d.adroll.com https://d.adroll.mgr.consensu.org https://s.adroll.com http://static.cdn.prismic.io/prismic.js https://static.zdassets.com/ https://s.adroll.com https://use.typekit.net https://www.datadoghq-browser-agent.com https://www.gstatic.com https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.google.com https://trends-sandbox.uphold.com https://trends.uphold.com; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net/ https://use.typekit.net https://cdn.uphold.com/ 2 default-src wss://ws.ttsep.com/ accounts.google.com 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.hsn.com https://*.hsn.net 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://iccert.nhi.gov.tw ;img-src 'self' ;connect-src 'self' wss://iccert.nhi.gov.tw:7777 wss://iccert.nhi.gov.tw ;style-src 'self' 'unsafe-inline' ;font-src 'self' ;child-src 'self' ;object-src 'self' 2 default-src https:; connect-src https: *; script-src 'unsafe-inline' 'unsafe-eval' https: *; style-src 'unsafe-inline' https: *; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; object-src 'self'; frame-src *; frame-ancestors 'self' https://citizensadvicegateshead.org.uk; 2 frame-ancestors https://*.etracker.com; script-src 'self' https://*.signalize.com https://*.etracker.com https://*.etracker.de 'unsafe-inline' 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.amplitude.com https://cdn.lr-ingest.io https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://secure.aadcdn.microsoftonline-p.com https://appleid.cdn-apple.com https://d.impactradius-event.com https://js.stripe.com https://checkout.stripe.com https://www.dropbox.com https://cdn.onesignal.com https://onesignal.com https://static.ads-twitter.com https://bat.bing.com https://www.redditstatic.com https://analytics.twitter.com *.sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net https://www.google.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://www.gstatic.com; worker-src 'self' blob:; report-uri /csp-violation-report 2 frame-ancestors 'self' *.qnap.com *.qnap.com.tw 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob; img-src data: https: android-webview-video-poster: blob:; font-src data: https:; upgrade-insecure-requests; 2 img-src 'self' data:;font-src 'none' 2 frame-ancestors https://*.optimizely.com; upgrade-insecure-requests; default-src data: https: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: mediastream: android-webview-video-poster: https://*.goodrx.com http://blocked.goodrx.com https://*.grxstatic.com https://*.grxweb.com https://*.heydoctor.com https://d4fuqqd5l3dbz.cloudfront.net https://*.px-cloud.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-client.net https://*.split.io https://gx9e.app.link https://app.link https://*.branch.io https://bnc.lt https://*.doubleclick.net https://*.2mdn.net https://*.osano.com https://optimizely-edge.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagservices.com https://*.googletagmanager.com https://bat.bing.com https://*.sentry-cdn.com https://sentry.io https://*.ingest.sentry.io https://cdn.ampproject.org https://*.doubleverify.com https://*.typekit.net https://c.evidon.com https://l.betrad.com https://d79i1fxsrar4t.cloudfront.net https://static.legitscript.com https://cdn.contentful.com https://unpkg.com https://images.ctfassets.net https://cdnjs.cloudflare.com https://*.appsflyer.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.polyfill.io https://polyfill.io https://*.smartystreets.com https://s3-us-west-2.amazonaws.com https://s3.amazonaws.com https://my.wpengine.com https://secure.gravatar.com https://*.embed.ly https://yoast.com https://*.mzstatic.com https://*.onelink.me https://www.recaptcha.net https://*.qualaroo.com https://datawrapper.dwcdn.net https://hire.withgoogle.com https://www.youtube.com https://*.insightexpressai.com https://connect.facebook.net https://www.facebook.com https://adservice.google.co.in https://adservice.google.com.au https://adservice.google.ca https://*.ytimg.com https://*.verticalhealth.net https://d.turn.com https://*.demdex.net https://idsync.rlcdn.com https://di.rlcdn.com https://*.adsafeprotected.com https://bcg.coupons.com https://*.embedly.com https://*.flashtalking.com https://pixel.sbal4kp.com https://secure.adnxs.com https://api.lever.co https://*.segment.io https://*.segment.com https://*.userzoom.com https://sc.iasds01.com https://sb.voicefive.com https://*.scorecardresearch.com https://*.iqfp1.com https://*.dvtps.com https://*.pxsrv.net https://*.zentrick.com https://*.zentrick.name https://*.unwrapper.io https://*.dvva.io https://js.stripe.com https://www.redditstatic.com https://alb.reddit.com https://wsdk.rokt.com https://*.speedcurve.com https://fast.wistia.com https://platform.twitter.com https://*.doceree.com https://*.liadm.com https://www.medtargetsystem.com https://*.hcn.health https://thrtle.com https://trc.lhmos.com https://ib.adnxs.com https://api.prod.projectexodus.us https://js.appboycdn.com https://*.braze.com https://use.fontawesome.com https://cdn.materialdesignicons.com https://*.twilio.com https://*.twiliocdn.com wss://*.twilio.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomassets.com https://intercom-sheets.com https://*.heydoctor.io https://*.deepintent.com https://*.moatads.com https://*.s.moatpixel.com https://*.adform.net https://*.jwpcdn.com https://*.jwplayer.com https://*.jwplatform.com https://*.jwpltx.com https://*.jwpsrv.com https://*.mux.com https://videos-fms.jwpsrv.com https://videos-cloudflare.jwpsrv.com https://*.datadoghq.com https://*.datadoghq-browser-agent.com https://pswec.com https://*.pswec.com https://sync.graph.bluecava.com https://insight.adsrvr.org https://*.parsely.com; report-uri https://sentry.io/api/5148329/security/?sentry_key=b77e90b1f5654f2e83a0238f4cf07987 2 frame-ancestors vidiq-marketing-cms.now.sh vidiq-marketing-cms.vercel.app vidiq-marketing-cms-git-staging-vidiq.vercel.app vidiq-marketing-cms-git-dev-vidiq.vercel.app vidiq-marketing-cms-git-dev.vidiq.now.sh vidiq-marketing-cms-git-staging.vidiq.now.sh vitals.vercel-analytics.com localhost:3333 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src data: https://www.blueconic.com https://fonts.blueconic.com https://cdn2.hubspot.net; img-src https: data:; media-src https: blob:; worker-src blob: 2 child-src https: http: data:;frame-src https: http: data:;script-src 'unsafe-inline' 'unsafe-eval' https: http:;img-src * data:;media-src * 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 frame-ancestors https://www.dow.com/ http://rsc.intranet.dow.com/ 2 frame-ancestors 'self' https://*.theactivetimes.com https://*.thedailymeal.com https://*.doubleclick.net https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.casalemedia.com 2 frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it http://manage.pec.it https://manage.pec.it 2 frame-ancestors 'self' *.svd.se; default-src https: data: blob: wss: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://svd.report-uri.com/r/d/csp/enforce 2 default-src 'self' data: https://*.cafebazaar.ir https://*.cafebazaar.cloud ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://imasdk.googleapis.com https://s0.2mdn.net https://adservice.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net; worker-src 'self' data: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; style-src 'self' data: 'unsafe-inline' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://fonts.googleapis.com; img-src * data: blob: android-webview-video-poster:; font-src * data:; connect-src *; media-src * data: blob: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' https://*.tcsion.com https://*.digialm.com https://*.tcsionhub.in https://*.tcsionhub.uk https://*.tcscloudplus.com https://learning.icai.org https://eservices.icai.org 2 default-src 'self' ws://localhost:* data: 'unsafe-eval' 'unsafe-inline' https://app.youneedabudget.com localhost:* *.youneedabudget.com marketing-youneedabudgetco.netdna-ssl.com sslcdn-youneedabudgetco.netdna-ssl.com youneedabudget.helpscoutdocs.com youneedabudget.myshopify.com hello.myfonts.net https://static.airtable.com/js/embed/ https://zapier.com/apps/embed/widget.js appleid.cdn-apple.com *.amplitude.com *.mparticle.com https://api.rollbar.com https://cdn.rollbar.com sdk.iad-03.braze.com https://polyfill.io https://cdn.speedcurve.com https://lux.speedcurve.com https://cdnjs.cloudflare.com https://cdn.pdst.fm/ping.min.js https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink s.ytimg.com https://sc-static.net/scevent.min.js https://tr.snapchat.com https://snap.licdn.com/li.lms-analytics/insight.min.js analytics.twitter.com *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.helpscout.net *.pinterest.com *.pusher.com *.quora.com *.soundcloud.com *.sumologic.com *.twitter.com *.youtube.com accounts.google.com apis.google.com d3hb14vkzrxvla.cloudfront.net djtflbt20bdde.cloudfront.net d.impactradius-event.com https://ajax.cloudflare.com https://api.cloudinary.com https://api.getgo.com https://api.ipify.org https://docs.google.com https://giphy.com/ https://s.pinimg.com https://youneedabudget.us11.list-manage.com optimize.google.com player.vimeo.com youneedabudget.a4xxmk.net wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercom.io *.intercomcdn.com *.intercomusercontent.com www.google.au www.google.be www.google.ca www.google.ch www.google.co.in www.google.co.nz www.google.co.uk www.google.com.br www.google.com.mx www.google.com.ph www.google.com.sg www.google.com www.google.de www.google.es www.google.fr www.google.ie www.google.nl www.google.no www.google.pl www.google.ru;frame-ancestors http://localhost:* *.youneedabudget.com;frame-src 'self' accounts.google.com airtable.com doubleclick.net *.doubleclick.net staticxx.facebook.com w.soundcloud.com *.facebook.com www.youtube.com vimeo.com optimize.google.com open.spotify.com assets.pinterest.com www.pinterest.com www.pinterest.co.uk www.pinterest.com.au www.pinterest.ca www.pinterest.cl www.pinterest.de www.pinterest.es www.pinterest.fr tr.snapchat.com;img-src data: *;font-src 'self' data: fonts.gstatic.com *.intercomcdn.com sslcdn-youneedabudgetco.netdna-ssl.com *.youneedabudget.com 2 default-src 'none'; script-src 'self' https://*.hcaptcha.com https://hcaptcha.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.hcaptcha.com https://hcaptcha.com; frame-ancestors 'self'; frame-src 'self' https://*.hcaptcha.com https://hcaptcha.com; connect-src https://*.hcaptcha.com https://hcaptcha.com; object-src 'self'; base-uri 'self'; img-src 'self'; font-src 'self' 2 frame-ancestors http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 2 default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.hifiona.com *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.transunion.com *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 2 frame-ancestors 'self' https://mtt-live.apps.emea.vwapps.io https://mtt-live-blue.apps.emea.vwapps.io https://mtt.apps.emea.vwapps.io https://mtt-blue.apps.emea.vwapps.io http://mtt-local.apps.emea.vwapps.io; 2 connect-src 'self' https://stats.g.doubleclick.net https://ampcid.google.com https://adservice.google.com https://adservice.google.com https://www.google.com https://www.google-analytics.com https://in.api4load.net https://cdn.cookielaw.org https://bam.nr-data.net https://bam-cell.nr-data.net https://www.facebook.com https://chat-eu.freshdesk.com https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://privacyportal-eu.onetrust.com wss://chat-eu.freshdesk.com https://ct.pinterest.com https://sockjs-eu.pusher.com https://sock57-eu.pusher.com wss://ws-eu.pusher.com https://ws.sessioncam.com https://b.ws.sessioncam.com https://assetscdn.stackla.com https://web-assets.stackla.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://cookiee1.veinteractive.com https://dtrc.veinteractive.com https://sessionapi.veinteractive.com; default-src 'self' ; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://static3.avast.com https://use.fontawesome.com https://280841640230733.eu.webpush.freshchat.com https://assetscdn.stackla.com https://maxcdn.bootstrapcdn.com http://rtr.tolunastart.com; frame-src 'self' ms-appx-web: https://embed.acast.com https://cp.bhf.org.uk https://extras.bhf.org.uk https://embed.podcasts.apple.com https://www.typeform.com https://bid.g.doubleclick.net https://cm.g.doubleclick.net https://8233349.fls.doubleclick.net https://8455068.fls.doubleclick.net https://optimize.google.com https://tpc.googlesyndication.com https://www.youtube.com https://www.google.com gsa://onpageload https://player.acast.com https://track.adform.net https://match.adsrvr.org https://insight.adsrvr.org https://aax-eu.amazon-adsystem.com https://www.boombox.com https://view.ceros.com https://www.facebook.com https://wchat.eu.freshchat.com https://280841640230733.eu.webpush.freshchat.com https://www.ons.gov.uk https://irewind.com https://cdn.knightlab.com https://zswpmanager.wip.mmc.com https://assets.nhs.uk https://net.ootil.fr https://public.tableau.com https://digital19.typeform.com https://dntcl.qualaroo.com https://app.qzzr.com https://www.qzzr.com https://a.rfihub.com https://20782797p.rfihub.com https://20782800p.rfihub.com https://20782816p.rfihub.com https://20782822p.rfihub.com https://20798315p.rfihub.com https://20798316p.rfihub.com https://20798319p.rfihub.com https://20782802p.rfihub.com https://20782821p.rfihub.com https://20822326p.rfihub.com https://20823015p.rfihub.com https://20823018p.rfihub.com https://tr.snapchat.com https://w.soundcloud.com https://widget.stackla.com https://player.vimeo.com https://embed.wirewax.com https://config1.veinteractive.com; img-src 'self' data: https://cp.bhf.org.uk https://live.bhf.org.uk https://8455068.fls.doubleclick.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://pubads.g.doubleclick.net https://stats.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com https://maps.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://optimize.google.com https://play.google.com https://www.google.com https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.nz https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.au https://www.google.com.br https://www.google.com.cy https://www.google.com.eg https://www.google.com.et https://www.google.com.mm https://www.google.com.ng https://www.google.com.sg https://www.google.ae https://www.google.be https://www.google.bf https://www.google.ca https://www.google.de https://www.google.es https://www.google.fr https://www.google.gr https://www.google.ie https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.tt https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://i.ytimg.com https://796129.global.siteimproveanalytics.io https://c5.adalyser.com https://s3.amazonaws.com https://tools.applemediaservices.com https://cx.atdmt.com https://ads.avct.cloud https://x.bidswitch.net https://bat.bing.com https://scontent-iad3-1.cdninstagram.com https://scontent-syd2-1.cdninstagram.com https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://www.facebook.com https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://gorentoys.net https://assets.hu-production.be https://images.hu-production.be https://www.linkedin.com https://px.ads.linkedin.com https://twemoji.maxcdn.com https://i5uzp6l0.micpn.com https://zswpmanager.wip.mmc.com https://bam.nr-data.net https://ct.pinterest.com https://pixel.quantserve.com https://idsync.rlcdn.com https://ws.sessioncam.com https://assetscdn.stackla.com https://web-assets.stackla.com https://uploads-cdn.stackla.com https://t.co https://trc.taboola.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://gjtrack.ucweb.com https://cookiee1.veinteractive.com https://a.volvelle.tech; media-src 'self' https://ssl.gstatic.com https://dop9av6nvryqq.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://cp.bhf.org.uk https://live.bhf.org.uk https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://tagmanager.google.com https://www.google.co.uk https://www.google.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://s2.adform.net https://track.adform.net https://c5.adalyser.com https://js.adsrvr.org https://static.ads-twitter.com https://s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://ads.avct.cloud https://ads.avocet.io https://bat.bing.com https://sjs.bizographics.com https://cdnjs.cloudflare.com https://d2oh4tlt9mrke9.cloudfront.net https://d3alqb8vzo7fun.cloudfront.net https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://chat-eu.freshdesk.com https://wchat.eu.freshchat.com https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://healthunlocked.com https://wusote.hirizasune.com https://assets.hu-production.be https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://i5uzp6l0.micpn.com https://assets.nhs.uk https://ls.northchaddertonschool.co.uk https://z.moatads.com https://secure.myshopcouponmac.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.oracle.com https://quantcast.com https://quantcount.com https://edge.quantserve.com https://secure.quantserve.com https://s.pinimg.com https://services.postcodeanywhere.co.uk https://timeline51-clientstats1.pusher.com https://js.pusher.com https://stats.pusher.com https://rules.quantcount.com https://ws.sessioncam.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://turbo.qualaroo.com https://a.rfihub.com https://c1.rfihub.net https://sc-static.net https://siteimproveanalytics.com https://assetscdn.stackla.com https://goconnect.stackla.com https://widget.trustpilot.com https://analytics.twitter.com https://use.typekit.net https://config1.veinteractive.com https://sp.analytics.yahoo.com https://s.yimg.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com http://rtr.tolunastart.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://dfgmr6l6mkcrn.cloudfront.net https://use.fontawesome.com https://wchat.eu.freshchat.com https://net.ootil.fr https://assetscdn.stackla.com https://cloud.typography.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com; 2 script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 2 upgrade-insecure-requests; frame-ancestors https://www.reutersconnect.com 2 default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline'; script-src live.hrz.uni-marburg.de 'self' 'unsafe-inline' 'unsafe-eval' https://webtrack.uni-marburg.de; child-src 'self' https://webtrack.uni-marburg.de; font-src 'self' data:; connect-src 'self' https://webtrack.uni-marburg.de; 2 frame-ancestors 'self' https://*.wikiloc.com; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; font-src 'self' fonts.gstatic.com *.helpcrunch.com *.seranking.com data: *; connect-src *; base-uri 'self'; worker-src *; manifest-src 'none'; media-src 'self'; img-src 'self' data: *; object-src 'self'; frame-src 'self' *; prefetch-src 'self' fonts.gstatic.com *.helpcrunch.com; form-action 'self' *.seranking.com *.facebook.com; 2 default-src 'self' *.lexmark.com lexmark.122.2o7.net activitymap.adobe.com assets.adobedtm.com bat.bing.com api.cloudinary.com res.cloudinary.com *.powerreviews.com mpsnare.iesnare.com *.adsrvr.org s.amazon-adsystem.com s3.amazonaws.com s3.eu-central-1.amazonaws.com *.boldchat.com ipinfo.io maxcdn.bootstrapcdn.com dpm.demdex.net lexmark.demdex.net *.digitalriver.com *.doubleclick.net *.eloqua.com img.en25.com cm.everesttech.net ssl.google-analytics.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com maps.googleapis.com ssl.p.jwpcdn.com jwpltx.com snap.licdn.com www.linkedin.com *.mgid.com *.omtrdc.net *.outbrain.com *.salesloft.com *.srv.stackadapt.com *.taboola.com vidassets.terminus.services lexmark.verifyit.us 'unsafe-eval' 'unsafe-inline'; font-src 'self' *.lexmark.com maxcdn.bootstrapcdn.com fonts.gstatic.com; style-src 'self' *.lexmark.com maxcdn.bootstrapcdn.com ui.powerreviews.com fonts.googleapis.com tags.srv.stackadapt.com 'unsafe-inline'; img-src 'self' https: data:; object-src 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri /bin/lexmark/csp-report; report-to lxk-report 2 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: http://*.travp.net; font-src https: data: 2 default-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.owncloud.com; img-src * data: blob: 'unsafe-inline'; frame-src *; connect-src 'self' *.mktoresp.com *.cloudfront.net *.cookiebot.com *.mktoutil.com *.owncloud.com *.google-analytics.com *.facebook.com *.doubleclick.net *.fontawesome.com; media-src 'self' *.24liveblog.com 'unsafe-inline'; style-src 'self' *.google.com *.datatables.net *.gstatic.com https://unpkg.com *.googleapis.com *.cloudflare.com *.marketo.com *.mktoresp.com *.owncloud.com *.fontawesome.com 'unsafe-inline'; font-src 'self' * data: 2 frame-ancestors 'self';frame-src static.addtoany.com www.youtube.com 'self'; default-src 'self' cdn.jsdelivr.net fonts.gstatic.com www.google-analytics.com data:; style-src cdn.jsdelivr.net fonts.googleapis.com static.addtoany.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net code.jsdelivr.net code.jquery.com dap.digitalgov.gov static.addtoany.com www.youtube.com www.google-analytics.com 2 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 2 frame-ancestors https://*.1stdibs.com; 2 upgrade-insecure-requests; connect-src * https:; img-src * blob: data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *.googletagmanager.com *.calendly.com *.visualwebsiteoptimizer.com *.fullstory.com *.crazyegg.com *.whova.com whova.com *.cloudfront.net *.typekit.net use.typekit.net *.adroll.com *.adroll.mgr.consensu.org cors-anywhere.herokuapp.com gist.github.com rum-static.pingdom.net *.ckeditor.com translate.googleapis.com translate.google.com *.jotform.com *.crazyegg.com cdn.jotfor.ms *.jotform.com static.issuu.com instagram.com www.instagram.com t.sf14g.com 1.tl813.com http://static.issuu.com analytics.twitter.com srdrvp.com static.ads-twitter.com apis.google.com *.addthis.com *.addthisedge.com secure.comodo.net static.ads-twitter.com platform.twitter.com www.googleadservices.com http://www.googleadservices.com *.akamaihd.net www.google-analytics.com www.google.com cdnjs.cloudflare.com *.typekit.net *.jotform.us cdn.jsdelivr.net ajax.googleapis.com connect.facebook.net www.facebook.com facebook.com use.typekit.net ssl.google-analytics.com *.gstatic.com cse.google.com www.googleapis.com *.mobilecause.com bam.nr-data.net googletagmanager.com formalyzer.com maps.googleapis.com e.issuu.com *.silkroad.com *.createsend.com *.createsend1.com *.polldaddy.com polldaddy.com *.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com secure4.entertimeonline.com *.dafdirect.org *.jotfor.ms *.jotform.io *.jotform.com *.vidyard.com; img-src 'self' data: about: 1.tl813.com arbordayblog.org * *.adroll.com *.leadlander.com *.advertising.com *.facebook.com *.google-analytics.com *.outbrain.com *.pubmatic.com *.3lift.com *.taboola.com dsum-sec.casalemedia.com *.rubiconproject.com ads.yahoo.com *.adnxs.com x.bidswitch.net *.youtube.com idsync.rlcdn.com us-u.openx.net *.atdmt.com *.s3.amazonaws.com log.pinterest.com i.ytimg.com *.jotform.com t.co *.gstatic.com *.instagram.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.doubleclick.net *.jotfor.ms *.jotform.com csi.gstatic.com maps.gstatic.com p.typekit.net www.google.com www.googleapis.com maps.googleapis.com www.facebook.com *.google.com *.arborday.org www.googleapis.com ssl.google-analytics.com syndication.twitter.com shpg.org; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com *.jotfor.ms *.jotform.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net assets-cdn.github.com *.ckeditor.com *.githubassets.com use.typekit.net translate.googleapis.com *.gstatic.com cdn.jotfor.ms *.jotform.com www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com *.dafdirect.org *.jotfor.ms *.jotform.com; frame-src 'self' *.soundcloud.com *.jotform.io calendly.com *.jotform.com whova.com *.whova.com *.berkeley.edu https://coolclimate.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com www.facebook.com *.google.com *.vimeo.com www.instagram.com syndication.twitter.com *.jotform.us https://staticxx.facebook.com *.igive.com cse.google.com pdf.snapandread.com app.mobilecause.com *.arborday.org www.arborday.org hotelfootprints.org www.hotelfootprints.org www.youtube.com http://www.youtube.c e.issuu.com api.braintreegateway.com treesandutilities.com *.silkroad.com ajax.googleapis.com connect.facebook.net platform.twitter.com *.addthis.com *.createsend.com *.createsend1.com *.leadlander.com *.vidyard.com; frame-ancestors 'self' www.logees.com *.liedlodge.org shop.arborday.org corporategifts.arborday.org *.domaincontrol.com *.ip.secureserver.net *.upnllc.com *.godaddy.com logees.com *.dutchmantreefarms.com dutchmantreefarms.com http://www.dutchmantreefarms.com www.bluehillwildlifenursery.com bluehillwildlifenursery.com treesandutilities.com www.treesandutilities.com *.secureserver.net *.akam.net *.godaddy.com *.silkroad.com createsend.com; connect-src 'self' arbordayblog.org *.saashr.com *.google-analytics.com *.fullstory.com *.jotform.com cors-anywhere.herokuapp.com *.gstatic.com secure4.entertimeonline.com rum-collector-2.pingdom.net *.crazyegg.com wss://www.arborday.org performance.typekit.net ssl.google-analytics.com *.jotform.us createsend.com *.doubleclick.net *.cloudfront.net appstoreconnect.com *.berkeley.edu *.vidyard.com; prefetch-src 'self' data: *.vidyard.com; 2 frame-ancestors https://*.propellerads.com; 2 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com; img-src 'unsafe-inline' 'unsafe-eval' * data:; 2 frame-ancestors 'self' qa-app.fastspring.com app.fastspring.com go.fastspring.com *.onfastspring.com qa4-identity-service.fastspring.com identity-service.fastspring.com prod-identity-service.fastspring.com login.fastspring.com; 2 frame-ancestors 'self' https://*.duke-energy.com https://my347363-sso.crm.ondemand.com https://my347363.crm.ondemand.com 2 base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://pagead2.googlesyndication.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'self' data: https://fonts.gstatic.com https://www.mbank.pl; connect-src 'self' https://ad.doubleclick.net https://adservice.google.com https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://consentcdn.cookiebot.com https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://lp.skp.mbank.pl https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://consentcdn.cookiebot.com https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'self' https://www.mbank.pl; 2 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 2 frame-ancestors 'self' https://www.stems-music.com; 2 frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; report-uri /report-csp-violation 2 frame-ancestors 'self 2 default-src 'self' 'report-sample'; object-src 'self' *.aleks.com *.connectmath.com www.viddler.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aleks.com *.connectmath.com www.youtube.com s.ytimg.com ssl.p.jwpcdn.com cdn.mathjax.org cdnjs.cloudflare.com connect.facebook.net rum-static.pingdom.net munchkin.marketo.net js.braintreegateway.com maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com linkhelp.clients.google.com static.cdn-ec.viddler.com 'report-sample'; style-src 'self' 'unsafe-inline' *.aleks.com *.connectmath.com fonts.googleapis.com static.cdn-ec.viddler.com; connect-src 'self' *.aleks.com *.connectmath.com *.mktoresp.com *.mktoutil.com api.viddler.com subtitles.cdn-ec.viddler.com www.facebook.com www.googleapis.com stats.g.doubleclick.net *.pingdom.net api.sandbox.braintreegateway.com *.sandbox.braintree-api.com api.braintreegateway.com client-analytics.braintreegateway.com; font-src 'self' static.aleks.com static.connectmath.com themes.googleusercontent.com fonts.gstatic.com data:; media-src *.aleks.com *.connectmath.com highered.mheducation.com paris.mheducation.com s3.amazonaws.com aleks-corp.s3.amazonaws.com mcgrawhill-vfs.cdn-ec.viddler.com www.viddler.com data: about:; img-src https://* data: blob:; frame-src * ldb1: data:; base-uri 'self'; report-uri /aleks/csp_report?stamp=web2021092001 2 frame-ancestors https://www.squarespace.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.stripe.com *.sentry.io *.braintreegateway.com *.braintree-api.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net www.google.com *.podium.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.stripe.com *.braintreegateway.com *.chase.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com optimize.google.com maps.googleapis.com *.podium.com static.cloudflareinsights.com appleid.cdn-apple.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.fbsbx.com *.gravatar.com i0.wp.com i1.wp.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com www.gstatic.com maps.gstatic.com *.doubleclick.net *.googletagmanager.com https://trkn.us; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com optimize.google.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com *.chase.com www.facebook.com optimize.google.com connect.facebook.net www.google.com *.kaptcha.com; 2 frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 2 frame-ancestors 'self' path.absolute.com www.path.absolute.com 2 upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src 'self' blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com connect.facebook.net *.bounceexchange.com *.googleadservices.com *.doubleclick.net *.google-analytics.com st1.dialogtech.com bat.bing.com *.googleapis.com nsg.symantec.com analytics.po.st po.st *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.liveclicker.net *.netapp.com *.demdex.net *.d41.co *.cxense.com static.ads-twitter.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi pixel.mathtag.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net media.flixfacts.com *.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.bouncex.net *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.adsrvr.org *.dotomi.com blob: *.flixsyndication.net data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io *.eloqua.com *.gstatic.com app.leadsrx.com *.turnto.com snap.licdn.com *.hs-scripts.com *.teads.tv *.ispot.tv *.youvisit.com www.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com alb.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.bazaarvoice.com *.needle.com *.bounceexchange.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net media.flixcar.com *.easy2.com *.amazonaws.com platform.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com;img-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.needle.com px.spiceworks.com *.liadm.com *.bounceexchange.com *.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com nsg.symantec.com *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net media.flixfacts.com *.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com platform.twitter.com *.linkedin.com *.tribalfusion.com *.company-target.com www.facebook.com *.bouncex.net *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com st2.dialogtech.com secure.insightexpressai.com px.gumgum.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com sync.fastclick.net simage2.pubmatic.com us-u.openx.net ads.yahoo.com pixel.rubiconproject.com *.advertising.com magnetic.t.domdex.com *.rfihub.com *.mathtag.com *.mathtag.co *.amgdgt.com *.casalemedia.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com syndication.twitter.com x.bidswitch.net pe.intentiq.com p.adsymptotic.com loadm.exelator.com *.adsrvr.org um.simpli.fi acuityplatform.com data: *.dotomi.com *.flixsyndication.net liveintent.com cbssports.com maxpreps.com wogo ce.lijit.com soma.smaato.net cs.admanmedia.com eb2.3lift.com live.sekindo.com *.adobe.com *.sc.omtrdc.net *.core.windows.net wac.edgecastcdn.net snap.licdn.com *.teads.tv *.ispot.tv *.youvisit.com *.syndigo.com *.syndigo.cloud *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.mediaiqdigital.com *.redditstatic.com alb.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com pixel.mintigo.com;frame-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.hotjar.com *.needle.com *.liadm.com *.bounceexchange.com *.doubleclick.net nsg.symantec.com selectors.cnetcontentsolutions.com *.google.com *.twitter.com *.justuno.com *.liveclicker.net *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com pixel.mathtag.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com media.flixcar.com *.easy2.com www.facebook.com *.rlcdn.com *.cloudfront.net rs.gwallet.com *.liveclicker.com pages.cdwemail.com www.emjcd.com *.dotomi.com www.kingston.com *.flixsyndication.net cdw.zuberance.com *.hotjar.io *.eloqua.com *.swcontentsyndication.com www.cisco.com cl.s4.exct.net *.youvisit.com www.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app;font-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.bounceexchange.com *.googleapis.com *.cnetcontent.com *.demdex.net *.webcollage.net a.sellpoint.net media.flixfacts.com media.flixcar.com *.easy2.com *.cloudfront.net data: *.flixsyndication.net *.typekit.net *.adobe.com *.gstatic.com *.syndigo.com *.syndigo.cloud;connect-src 'self' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com *.bounceexchange.com *.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com *.googleapis.com nsg.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net platform.twitter.com *.company-target.com www.facebook.com *.bouncex.net *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io app.leadsrx.com *.turnto.com *.teads.tv *.ispot.tv *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;worker-src 'self' *.needle.com *.cloudfront.net blob:;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net media.flixfacts.com *.youtube.com blob: *.flixsyndication.net *.youvisit.com *.syndigo.com *.syndigo.cloud *.tiqcdn.com *.scene7.com; 2 frame-ancestors 'self' https://app.optimizely.com 2 frame-ancestors https://*.ionos.fr https://ionos.fr; 2 connect-src 'self' *.licdn.com *.goldenbees.fr *.doubleclick.net *.indeed.com https://tools.euroland.com https://pr.globenewswire.com/ https://player.podigee-cdn.net/ https://tools.eurolandir.com/ https://ing.blueconic.net https://plugins.blueconic.net *.readspeaker.com https://assets.adobedtm.com https://www.google-analytics.com https://www.googletagmanager.com https://working2.ad.ing.net https://fetchingxml.000webhostapp.com https://cdn.dimml.io https://www.youtube.com https://www.youtube-nocookie.com https://platform.twitter.com https://w.soundcloud.com https://cdn.podigee.com https://emplocity.com https://connect.facebook.net; child-src 'self' *.licdn.com *.goldenbees.fr *.doubleclick.net *.indeed.com https://activitymap.adobe.com/ https://tools.euroland.com https://pr.globenewswire.com/ https://tools.eurolandir.com/ https://syndication.twitter.com/ https://player.podigee-cdn.net/ *.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com https://platform.twitter.com https://w.soundcloud.com https://cdn.podigee.com https://emplocity.com https://connect.facebook.net; report-uri /csp-violation-report-endpoint/ 2 frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 2 default-src 'self' https://darksky.wufoo.com maps.darksky.net https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' http://storage.googleapis.com https://www.wufoo.com https://maps.googleapis.com https://ajax.googleapis.com https://secure.wufoo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com 2 frame-ancestors 'self' https://de-ecom-1411-fb-storeappl-prod.firebaseapp.com https://de-ecom-1411-fb-storeappl-prod.web.app https://de-ecom-1411-fb-storeappl-test.firebaseapp.com https://de-ecom-1411-fb-storeappl-test.web.app 2 frame-ancestors https://*.crashplan.com https://*.crashplan.com:4285 https://*.crashplanpro.com https://*.crashplanpro.com:4285 https://*.code42.com https://*.code42.com:4285; https://*.us2.code42.com; https://*.us2.code42.com:4285; 2 frame-ancestors https://zwfw.fujian.gov.cn http://test.fujian.gov.cn https://test.fujian.gov.cn http://220.160.52.102:33003 http://www.xm.gov.cn https://www.xm.gov.cn http://ptgl.fujian.gov.cn https://ptgl.fujian.gov.cn http://fujian.gov.cn https://fujian.gov.cn http://www.fujian.gov.cn https://www.fujian.gov.cn http://fj.gov.cn https://fj.gov.cn http://www.fj.gov.cn https://www.fj.gov.cn http://test.fujian.gov.cn https://test.fujian.gov.cn 2 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2 frame-ancestors 'self' *.ibm.com ; child-src blob: * 2 frame-ancestors 'self' file: filesystem: ionic: http://localhost:8080; 2 frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.servic